Description
Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
rar | fixed | 1:3.7b1-1 | | package |
rar | no-dsa | | sarge | package |
rar | no-dsa | | etch | package |
unrar-nonfree | fixed | 1:3.7.3-1 | | package |
unrar-nonfree | fixed | 1:3.5.2-0.2 | sarge | package |
unrar-nonfree | fixed | 1:3.5.4-1.1 | etch | package |
Notes
amavisd-new automatically uses "rar -p-" or "unrar -p-",
which probably turns this into remote code execution
clamav can also call unrar -p-, but AFAICS not in default configuration
unrar-free and clamav (which embeds unrar-free code) are not affected