Gentoo update for RAR, UnRAR



| Updated: 2024-06-14
Risk High
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2022-30333
CVE-2023-40477
CWE-ID CWE-22
CWE-129
Exploitation vector Network
Public exploit Vulnerability #1 is being exploited in the wild.
Public exploit code for vulnerability #2 is available.
Vulnerable software
Gentoo Linux
Operating systems & Components / Operating system

app-arch/unrar
Operating systems & Components / Operating system package or component

app-arch/rar
Operating systems & Components / Operating system package or component

Vendor Gentoo

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Path traversal

EUVDB-ID: #VU62908

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-30333

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences when extracting files from archive. A remote attacker can create a specially crafted archive and overwrite arbitrary files on the system with privileges of the current user.

The vulnerability affects Linux and UNIX systems.

Mitigation

Update the affected packages.
app-arch/rar to version: 6.23
app-arch/unrar to version: 6.2.10

Vulnerable software versions

Gentoo Linux: All versions

app-arch/unrar: before 6.2.10

app-arch/rar: before 6.23

CPE2.3 External links

http://security.gentoo.org/glsa/202309-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Improper Validation of Array Index

EUVDB-ID: #VU79711

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-40477

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper validation of array index when processing recovery volumes. A remote attacker can trick the victim to open a specially crafted archive and execute arbitrary code on the system.

Mitigation

Update the affected packages.
app-arch/rar to version: 6.23
app-arch/unrar to version: 6.2.10

Vulnerable software versions

Gentoo Linux: All versions

app-arch/unrar: before 6.2.10

app-arch/rar: before 6.23

CPE2.3 External links

http://security.gentoo.org/glsa/202309-04


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###