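UnRAR 5.6.1.2 and 5.6.1.3 have a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile). The JSON array below lists the function-level and line-level signatures recorded for this CVE; every entry cites the same upstream commit in its "source" field, and the entries cover many files and functions besides Unpack::CopyString.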
[
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "90343114962949996429848029695282456197",
"length": 1111.0
},
"target": {
"function": "Unpack::CopyString",
"file": "unpackinline.cpp"
},
"id": "CVE-2017-20006-0bd86f32",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "211591855060559265962058764654225742449",
"length": 5727.0
},
"target": {
"function": "Archive::ProcessExtra50",
"file": "arcread.cpp"
},
"id": "CVE-2017-20006-0dc4626a",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "328443265461832612051274232081128521787",
"length": 128.0
},
"target": {
"function": "Archive::Seek",
"file": "archive.cpp"
},
"id": "CVE-2017-20006-13c2a27b",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"266224050307152192220220393026069619900",
"232449944946857789642323397662387344962",
"262870819394698713884274432485504349960",
"94619930928130408187909430686791064156",
"127593574595316932138407009655058891784",
"172046542376094560285097978445279556804",
"259550558008264968486753087138785150481",
"94619930928130408187909430686791064156"
],
"threshold": 0.9
},
"target": {
"file": "unpack50mt.cpp"
},
"id": "CVE-2017-20006-1b9fe7b7",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"158141582397669759087220833103199265730",
"79004118379010255912802150439087686774",
"154474263922150168827201640507745597794",
"29231970457296702048265925856714787168",
"134742290012764048736758163273913781837",
"31996496297357194044149420907960674672",
"19090876647008526414396765254311907631",
"287735991644930905883416617840635376127"
],
"threshold": 0.9
},
"target": {
"file": "file.hpp"
},
"id": "CVE-2017-20006-28a3eb41",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"227993926256380781738962131723810335289",
"70331881377174440462150025848214811880",
"171997064487106057849455266479000326845",
"261869766930064300408575893071452073024"
],
"threshold": 0.9
},
"target": {
"file": "arccmt.cpp"
},
"id": "CVE-2017-20006-2befd814",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"116371787702855818675814970654554055754",
"221729975579872095559610959245929840545",
"54871534346814713957742046797276012787",
"135532603695297858869982188683146896907",
"337053525647501815767627770784575328000",
"292017966808680050395015865910524529852",
"197334986130536505496996924283439436805",
"151589608525787005757168073534883341282"
],
"threshold": 0.9
},
"target": {
"file": "unpack30.cpp"
},
"id": "CVE-2017-20006-3f9ffa95",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "106368486498536475024394055756363638562",
"length": 913.0
},
"target": {
"function": "QuickOpen::Load",
"file": "qopen.cpp"
},
"id": "CVE-2017-20006-43e7bbad",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "57313176285886914291290986312335923961",
"length": 6730.0
},
"target": {
"function": "Archive::ReadHeader50",
"file": "arcread.cpp"
},
"id": "CVE-2017-20006-444043b6",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"281803824903422912011075047783636726440",
"111316749800256920005913886160980663836",
"305626123995167027590743681823203612882",
"168143228341926424204388945101473546603"
],
"threshold": 0.9
},
"target": {
"file": "unpack.hpp"
},
"id": "CVE-2017-20006-48fb173f",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"125439969621432922237779009703411999196",
"4545317630304059319263198974753859253",
"315114079605323612432495778251177281930",
"175983976667343505567219788997338521017",
"331875467254132482791592546422129188960",
"176962210523725545755005487966680036375",
"414975894746125838875213825098110039",
"239722346355680381747938633308848865661",
"6615126800773669665071890130748253314",
"226517688189235338934145093188311835103",
"307391162466499183279271333991387620662",
"239595285130063448161701889438069415378",
"129727909297585528924095906511464454870",
"66487114481658577542156300609929519033",
"94455031597907728641857575390399961658",
"305916272357387580715462967011168572058",
"209802562115630218526731329080818485883",
"245736599383820421026943778583114320066",
"132284204937485087762313978365111278419",
"263351779276043049875209233879712030728",
"282555825765625152586213916275040625367",
"405246579926242346643654896080351466",
"241701540542051578157475470837615020191",
"224547633212907703885978941479941452361",
"295419994908710946164543169215081349542",
"121540787105567859877574742479207137823",
"8038238249396290846828785335892323826",
"103926704001681539064008377745452811634",
"199215683178841242590155510909687720790",
"317131640878555404434762367684503326354",
"109534724099576475246726947359325839573"
],
"threshold": 0.9
},
"target": {
"file": "archive.cpp"
},
"id": "CVE-2017-20006-4a67c874",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "326816069549384150760644242276062893301",
"length": 1464.0
},
"target": {
"function": "Unpack::ProcessDecoded",
"file": "unpack50mt.cpp"
},
"id": "CVE-2017-20006-5d5b567d",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"83990674456027421838033145819317692840",
"290557742020616814065257113026904351397",
"282685245645255377008102677297462364321",
"270094163761223237651849838413694354685",
"145321005985303813617038684153130431231",
"3734449109690485399063399021342449994",
"156953147822458935554870348171493497743",
"258337595450374203999433575330355505503",
"8194504633776631550289467490238698453",
"303029508642201104528751330585094749694",
"121825923486153412521667061763439503772",
"170870527135432115609228926969740968172",
"256967810515128926038701118421794169113"
],
"threshold": 0.9
},
"target": {
"file": "cmddata.cpp"
},
"id": "CVE-2017-20006-63b27ce6",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"22303575055064980814934136442470410429",
"146018735251752523765872685834361698579",
"259550558008264968486753087138785150481",
"94619930928130408187909430686791064156"
],
"threshold": 0.9
},
"target": {
"file": "unpack50.cpp"
},
"id": "CVE-2017-20006-642507e3",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "62015447464459722243507513608270217167",
"length": 874.0
},
"target": {
"function": "Archive::Archive",
"file": "archive.cpp"
},
"id": "CVE-2017-20006-69a55d58",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"30248472355817207212567377083801847824",
"214095735129370556403249475619293033825",
"182486112263653150731917215197707448361",
"248847400199280000848039940235197993927",
"101218921018559914754508515183302184895",
"280542804997426741001775549846146129953",
"117674352524237322698683375761316221930"
],
"threshold": 0.9
},
"target": {
"file": "options.hpp"
},
"id": "CVE-2017-20006-6f72f3a4",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "336503522489488794163516375709482519655",
"length": 2774.0
},
"target": {
"function": "Archive::GetComment",
"file": "arccmt.cpp"
},
"id": "CVE-2017-20006-706f781f",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "155742209633723013786252252239659614509",
"length": 883.0
},
"target": {
"function": "CommandData::IsProcessFile",
"file": "cmddata.cpp"
},
"id": "CVE-2017-20006-717d1717",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "306408901045839469250997271112364573459",
"length": 888.0
},
"target": {
"function": "WideToCharMap",
"file": "unicode.cpp"
},
"id": "CVE-2017-20006-71b36162",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"284762983116507218378281586959971973125",
"100134322991216619722665815534950721615",
"53627799210019836958042689216387170037",
"242285286248403210587860852100536420849",
"39013802229861275382675295111329648356",
"105616826633157220293868702887407405794",
"161100454797052113245289599519713134380"
],
"threshold": 0.9
},
"target": {
"file": "unpackinline.cpp"
},
"id": "CVE-2017-20006-71e96f7c",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"304818961958524242209198197210217950671",
"105369542015182672834987992543354780826",
"160177159948499797136594658259798737389",
"153407221527579655144229583464891022654",
"181307085588316924226927148004173696735",
"313793837030273393424535599320943843598",
"212345579833583199885648523001120159597",
"299758316727023120356684528719278523104",
"260282034066136197694740002416638789997",
"15079372320745833524156053562887212222"
],
"threshold": 0.9
},
"target": {
"file": "qopen.cpp"
},
"id": "CVE-2017-20006-79878fa3",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "264142459667130450775381967650726527760",
"length": 110.0
},
"target": {
"function": "Archive::Tell",
"file": "archive.cpp"
},
"id": "CVE-2017-20006-79e65a89",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "68361633126967578813246419177150789789",
"length": 176.0
},
"target": {
"function": "Archive::Read",
"file": "archive.cpp"
},
"id": "CVE-2017-20006-7c2c31f1",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "302115741526245665462819777332924348165",
"length": 1574.0
},
"target": {
"function": "CommandData::ProcessCommand",
"file": "cmddata.cpp"
},
"id": "CVE-2017-20006-84bd6436",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "30797343152955866128056535994805682356",
"length": 124.0
},
"target": {
"function": "Archive::Open",
"file": "archive.cpp"
},
"id": "CVE-2017-20006-88db90f5",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"289959282021000608139260250166966798979",
"123051079444923619293213835622619290391",
"306065518714135860193572160478900410488",
"246235540523923049119297567118451109684",
"183678201665381912935944303663068788239"
],
"threshold": 0.9
},
"target": {
"file": "compress.hpp"
},
"id": "CVE-2017-20006-a1e19647",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "9759109512098628014909377154467037849",
"length": 2666.0
},
"target": {
"function": "Unpack::Unpack5",
"file": "unpack50.cpp"
},
"id": "CVE-2017-20006-abb03290",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "111933284754089393698325474702347305880",
"length": 2644.0
},
"target": {
"function": "Unpack::AddVMCode",
"file": "unpack30.cpp"
},
"id": "CVE-2017-20006-b40ba3f1",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"27966204981702098167288430540987046103",
"331053813627232539810505885194184737780",
"137036619112959472767239503482465912053",
"164239315942819414670554917804964906274"
],
"threshold": 0.9
},
"target": {
"file": "rar.hpp"
},
"id": "CVE-2017-20006-c06a43db",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "196674979849335696803306804686030013185",
"length": 777.0
},
"target": {
"function": "CharToWideMap",
"file": "unicode.cpp"
},
"id": "CVE-2017-20006-c458c9e9",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"49999506860410748415416885958350452474",
"70968506444758082133273319961103333093",
"80545269695344626403335141383256756729",
"228172526825895992901879545163269275777"
],
"threshold": 0.9
},
"target": {
"file": "recvol5.cpp"
},
"id": "CVE-2017-20006-d2b5c3ca",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"124493692867022169938725082052495361193",
"207875786323775134232158988264125303672",
"221846467968626330673653615904796474939",
"124179265298325937463007008237116642034",
"202715572148200897417036874670418254746",
"140483198264236878833374174554661384904",
"80587509196750810637295101239375474465",
"68039359327122508591978595429285419224"
],
"threshold": 0.9
},
"target": {
"file": "arcread.cpp"
},
"id": "CVE-2017-20006-d6a1425a",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"55682150610273076005854187553706344576",
"196739775355538728483476203111361558074",
"304334992224470946567106733418619599091",
"100343636013293485526145690477470869277",
"142253210507428933055788416183081167425",
"70387315341705632083305214154151700095",
"116774845858650837709699038685855823887",
"74553983926789505608322163216800555490"
],
"threshold": 0.9
},
"target": {
"file": "unicode.cpp"
},
"id": "CVE-2017-20006-db41f283",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "106253231962099833644500160639460373590",
"length": 2550.0
},
"target": {
"function": "Unpack::UnpackLargeBlock",
"file": "unpack50mt.cpp"
},
"id": "CVE-2017-20006-dedc70e1",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"112810031570717048971324615047710446144",
"205071399611453709189934130825064750734",
"174066595049718629103170955262501417263",
"327919482331948847842170475717903841756",
"312070881659893666226229726021275874038",
"178925418685852892242256667034449699558",
"26573060942185906973193258967285805846",
"156175963871405614907038789208589266381",
"237004620371068339134078707638475044523",
"248311427239894617146941994132345874498",
"187305357061631177388833680797445557484",
"257576018520445809663461420256920947093",
"156399730410011764557815708629740785676"
],
"threshold": 0.9
},
"target": {
"file": "archive.hpp"
},
"id": "CVE-2017-20006-f6ae4ff1",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Line"
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "148134631852812707645515987203950886789",
"length": 5969.0
},
"target": {
"function": "RecVolumes5::Restore",
"file": "recvol5.cpp"
},
"id": "CVE-2017-20006-facad494",
"source": "https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779",
"signature_type": "Function"
}
]