Lucene search
GoogleOSV:CVE-2022-23596HistoryFeb 01, 2022 - 12:15 p.m.
CVE-2022-23596
2022-02-0112:15:08
Google
osv.dev
8
Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. The problem is patched in 7.4.1. There are no known workarounds and users are advised to upgrade as soon as possible.
| CPE | Name | Operator | Version |
|---|---|---|---|
| junrar | eq | junrar-3.1.1 | |
| junrar | eq | 7.2.0 | |
| junrar | eq | 4.0.0 | |
| junrar | eq | junrar-2.0.0 | |
| junrar | eq | junrar-1.0.0 | |
| junrar | eq | 7.3.0 | |
| junrar | eq | 6.0.0 | |
| junrar | eq | 7.0.0 | |
| junrar | eq | junrar-0.7 | |
| junrar | eq | junrar-0.6 |
Related
veracode
veracode
Denial Of Service (DoS)
2022-02-03 06:21:29
nvd
nvd
CVE-2022-23596
2022-02-01 12:15:08
prion
prion
Design/Logic Flaw
2022-02-01 12:15:00
osv
osv
cvelist
cvelist
CVE-2022-23596 Infinite loop in junrar
2022-02-01 11:52:47
cve
cve
CVE-2022-23596
2022-02-01 12:15:08
redhatcve
redhatcve
CVE-2022-23596
2022-02-02 17:18:41
ibm
ibm
github
github
redhat
redhat
(RHSA-2022:5532) Important: Red Hat Fuse 7.11.0 release and security update
2022-07-07 14:16:35