Lucene search

[email protected]CVE-2007-1457

HistoryMar 14, 2007 - 6:19 p.m.

CVE-2007-1457

2007-03-1418:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-1457

buffer overflow

urarlib_get

christian scheurer

unique rar file library

security vulnerability

7.9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.4%

JSON

Buffer overflow in the urarlib_get function in Christian Scheurer UniquE RAR File Library (unrarlib, aka URARFileLib) 0.4 allows context-dependent attackers to execute arbitrary code via a long (1) filename, (2) rarfile, or (3) libpassword argument.

CPENameOperatorVersion
christian_scheurer:unrarlibchristian scheurer unrarlibeq0.4
christian_scheurer:urarfilelibchristian scheurer urarfilelibeq0.4

CPE	Name	Operator	Version
christian_scheurer:unrarlib	christian scheurer unrarlib	eq	0.4
christian_scheurer:urarfilelib	christian scheurer urarfilelib	eq	0.4

References

marc.info/?l=full-disclosure&m=117392197607422&w=2

osvdb.org/34076

secunia.com/advisories/24472

unrarlib.svn.sourceforge.net/viewvc/unrarlib/tags/unrarlib040/unrarlib/unrarlib.c?revision=3&view=markup

www.securityfocus.com/bid/22942

www.vupen.com/english/advisories/2007/0961

7.9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.4%

JSON

Related for CVE-2007-1457

securityvulns1 prion1