CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.086 Low (Percentile: 94.4%)

RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files.
RAR and UnRAR contain a boundary error when processing password-protected archives that could result in a stack-based buffer overflow.
A remote attacker could entice a user to process a specially crafted password-protected archive and execute arbitrary code with the rights of the user uncompressing the archive.
There is no known workaround at this time.
All UnRAR users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/unrar-3.7.3"
All RAR users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/rar-3.7.0_beta1"
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | app-arch/rar | < 3.7.0_beta1 | UNKNOWN |
Gentoo | any | all | app-arch/unrar | < 3.7.3 | UNKNOWN |