CVE-2024-33899: Improper Neutralization of Escape, Meta, or Control Sequences in WinRAR

Severity
7.1 HIGH (NVD)
EPSS
1.0%
top 22.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 29
Latest update: Mar 12

Description

RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (2 packages)

NVD: rarlab/winrar < 7.00
Debian: rarlab/rar < 2:7.01-1~deb12u1+2

Vulnerability Details (3)

GHSA
GHSA-7m59-rfr2-gh4p: RARLAB WinRAR before 7 (2024-04-29)
OSV
CVE-2024-33899: RARLAB WinRAR before 7 (2024-04-29)
CVEList
CVE-2024-33899: RARLAB WinRAR before 7 (2024-04-28)

Vendor Advisories (2)

Ubuntu
UnRAR vulnerabilities (2025-03-12)
Debian
CVE-2024-33899: rar - RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoo... (2024)
CVE-2024-33899 — Rarlab Winrar vulnerability | cvebase