![]() UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references. ![]() The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. ![]() NOTE: WinRAR and Android RAR are unaffected. RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Crafted data in a ZIP file can trigger a read past the end of an allocated buffer. The specific flaw exists within the parsing of ZIP files. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0.
0 Comments
Leave a Reply. |