SB2017090303 - Multiple vulnerabilities in RARLAB UnRar

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017090303

SB2017090303 - Multiple vulnerabilities in RARLAB UnRar

Published: September 3, 2017 Updated: August 8, 2020

Security Bulletin ID SB2017090303
Severity
High
Patch available
NO
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Medium 67%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Path traversal (CVE-ID: CVE-2017-14120)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.


2) NULL pointer dereference (CVE-ID: CVE-2017-14121)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a specially crafted RAR archive. A remote attacker can perform a denial of service (DoS) attack.


3) Out-of-bounds read (CVE-ID: CVE-2017-14122)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References