CVE-2022-23596

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-23596
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23596.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-23596
Aliases
Published
2022-02-01T12:15:08Z
Modified
2024-05-14T11:35:27.300113Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

Junrar is an open source Java RAR archive library. In affected versions, a carefully crafted RAR archive can trigger an infinite loop while the archive is being extracted. The impact depends solely on how the application uses the library and on whether files can be provided by malicious users. The problem is patched in 7.4.1. There are no known workarounds, and users are advised to upgrade as soon as possible.

References

Affected packages

Git / github.com/junrar/junrar

Affected ranges

Type
GIT
Repo
https://github.com/junrar/junrar
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

junrar-0.*

junrar-0.6
junrar-0.7

junrar-1.*

junrar-1.0.0
junrar-1.0.1

junrar-2.*

junrar-2.0.0

junrar-3.*

junrar-3.0.0
junrar-3.1.0
junrar-3.1.1

junrar-4.*

junrar-4.0.0

v4.*

v4.0.0

v5.*

v5.0.0

v6.*

v6.0.0
v6.0.1

v7.*

v7.0.0
v7.1.0
v7.2.0
v7.3.0
v7.4.0