CVE-2023-40477: Improper Validation of Array Index in WinRAR

Severity: 7.8 HIGH (NVD)
EPSS: 92.8% (top 0.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products:
Timeline: Published May 3; Latest update Mar 12

Description

RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which ca

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: rarlab/winrar < 6.23
CVEListV5: rarlab/winrar 6.21
Debian: rarlab/rar < 2:6.23-1~deb11u1+3

Vulnerability Details (6)

OSV: rar vulnerabilities (2025-03-12)
OSV: unrar-nonfree vulnerabilities (2025-03-12)
GHSA: GHSA-58vr-f4x9-3h36: RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability (2024-05-03)
OSV: CVE-2023-40477: RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability (2024-05-03)
CVEList: RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability (2024-05-03)

Vendor Advisories (4)

Ubuntu: UnRAR vulnerabilities (2025-03-12)
Ubuntu: RAR vulnerabilities (2025-03-12)
Ubuntu: libclamunrar vulnerabilities (2024-01-08)
Debian: CVE-2023-40477: libclamunrar - RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Exe... (2023)

Threat Intelligence (2)

Unit42: Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT (2023-09-19)
CVE-2023-40477 — Improper Validation of Array Index | cvebase