CVE-2024-36052: Improper Neutralization of Escape, Meta, or Control Sequences in WinRAR

Severity: 7.5 HIGH (NVD), 7.1 (CNA)
EPSS: 0.1% (top 67.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: May 21
Latest update: Oct 15

Description

RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

NVD: rarlab/winrar < 7.00

🔴 Vulnerability Details (2)

CVEList: CVE-2024-36052: RARLAB WinRAR before 7 (2024-05-21)
GHSA: GHSA-gp37-m2c5-j775: RARLAB WinRAR before 7 (2024-05-21)

📋 Vendor Advisories (1)

Oracle: Oracle Fusion Middleware Risk Matrix: DC-Specific Component (unrar) — CVE-2024-36052 (2024-10-15)