Description
github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.
Vulnerable configurations
Configuration 1: Versions up to and including 2.1.1
cpe:2.3:a:nwaples:rardecode:*:*:*:*:*:go:*:*
EPSS
Percentile: 2%
0.00014
Low
5.3 Medium
CVSS3
6.5 Medium
CVSS3
Weaknesses
CWE-789
Related vulnerabilities
CVSS3: 5.3
ubuntu
4 months ago
github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.
CVSS3: 5.3
debian
4 months ago
github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dic ...
CVSS3: 5.3
github
4 months ago
rardecode: DoS risk due to unrestricted RAR dictionary sizes