CVE-2023-40477

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-40477
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40477.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-40477
Related
Published
2024-05-03T03:15:20Z
Modified
2024-09-18T03:25:13.370045Z
Summary
[none]
Details

RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21233.

References

Affected packages

Debian:11 / libclamunrar

Package

Name
libclamunrar
Purl
pkg:deb/debian/libclamunrar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.103.10-1~deb11u1

Affected versions

0.*

0.95.1-1
0.95.2-1
0.95.3-1~volatile1
0.95.3-1
0.96-1
0.96-2~volatile1
0.96-2
0.96.4-1~volatile1
0.96.4-1
0.98.1-1
0.98.5-1
0.99-1
0.99-2
0.99-3
0.99-4
0.100.0-1
0.100.1-1
0.101.1-1
0.101.1-2
0.101.2-1
0.102.3-1
0.102.3-2
0.102.3-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / libclamunrar

Package

Name
libclamunrar
Purl
pkg:deb/debian/libclamunrar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.3-1~deb12u1

Affected versions

0.*

0.95.1-1
0.95.2-1
0.95.3-1~volatile1
0.95.3-1
0.96-1
0.96-2~volatile1
0.96-2
0.96.4-1~volatile1
0.96.4-1
0.98.1-1
0.98.5-1
0.99-1
0.99-2
0.99-3
0.99-4
0.100.0-1
0.100.1-1
0.101.1-1
0.101.1-2
0.101.2-1
0.102.3-1
0.102.3-2
0.102.3-3
0.103.10-1~deb11u1

1.*

1.0.0-1
1.0.0-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / libclamunrar

Package

Name
libclamunrar
Purl
pkg:deb/debian/libclamunrar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.3-1

Affected versions

0.*

0.95.1-1
0.95.2-1
0.95.3-1~volatile1
0.95.3-1
0.96-1
0.96-2~volatile1
0.96-2
0.96.4-1~volatile1
0.96.4-1
0.98.1-1
0.98.5-1
0.99-1
0.99-2
0.99-3
0.99-4
0.100.0-1
0.100.1-1
0.101.1-1
0.101.1-2
0.101.2-1
0.102.3-1
0.102.3-2
0.102.3-3
0.103.10-1~deb11u1

1.*

1.0.0-1
1.0.0-2
1.0.3-1~deb12u1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:11 / rar

Package

Name
rar
Purl
pkg:deb/debian/rar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:6.23-1~deb11u1

Affected versions

2.*

2.02-2
2.60-1
2.80-2

3.*

3.30-2

1:3.*

1:3.5.1-1
1:3.6.0-1
1:3.7b1-1
1:3.7b1-2
1:3.7.1-1
1:3.7.1-2
1:3.8b2-1
1:3.8b2-2
1:3.8b3-1
1:3.8.0-1
1:3.8.0-2
1:3.9.b2-1
1:3.9.b3-1

2:3.*

2:3.9.0-1
2:3.9.1-1
2:3.9.2-1
2:3.9.3-1

2:4.*

2:4.0.b2-1
2:4.0.b3-1
2:4.2.0-1
2:4.2.0+dfsg.1-0.1

2:5.*

2:5.2.1b2-1
2:5.3.b2-1
2:5.4.0-1
2:5.4.0+dfsg.1-0.1
2:5.5.0-1
2:5.5.0-1.1

2:6.*

2:6.11-0.1
2:6.20~b1-0.1
2:6.20-0.1~deb10u1
2:6.20-0.1~deb11u1
2:6.20-0.1
2:6.23-1~deb10u1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / rar

Package

Name
rar
Purl
pkg:deb/debian/rar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:6.23-1~deb12u1

Affected versions

2.*

2.02-2
2.60-1
2.80-2

3.*

3.30-2

1:3.*

1:3.5.1-1
1:3.6.0-1
1:3.7b1-1
1:3.7b1-2
1:3.7.1-1
1:3.7.1-2
1:3.8b2-1
1:3.8b2-2
1:3.8b3-1
1:3.8.0-1
1:3.8.0-2
1:3.9.b2-1
1:3.9.b3-1

2:3.*

2:3.9.0-1
2:3.9.1-1
2:3.9.2-1
2:3.9.3-1

2:4.*

2:4.0.b2-1
2:4.0.b3-1
2:4.2.0-1
2:4.2.0+dfsg.1-0.1

2:5.*

2:5.2.1b2-1
2:5.3.b2-1
2:5.4.0-1
2:5.4.0+dfsg.1-0.1
2:5.5.0-1
2:5.5.0-1.1

2:6.*

2:6.11-0.1
2:6.20~b1-0.1
2:6.20-0.1~deb10u1
2:6.20-0.1~deb11u1
2:6.20-0.1
2:6.23-1~deb10u1
2:6.23-1~deb11u1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / rar

Package

Name
rar
Purl
pkg:deb/debian/rar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:6.23-1

Affected versions

2.*

2.02-2
2.60-1
2.80-2

3.*

3.30-2

1:3.*

1:3.5.1-1
1:3.6.0-1
1:3.7b1-1
1:3.7b1-2
1:3.7.1-1
1:3.7.1-2
1:3.8b2-1
1:3.8b2-2
1:3.8b3-1
1:3.8.0-1
1:3.8.0-2
1:3.9.b2-1
1:3.9.b3-1

2:3.*

2:3.9.0-1
2:3.9.1-1
2:3.9.2-1
2:3.9.3-1

2:4.*

2:4.0.b2-1
2:4.0.b3-1
2:4.2.0-1
2:4.2.0+dfsg.1-0.1

2:5.*

2:5.2.1b2-1
2:5.3.b2-1
2:5.4.0-1
2:5.4.0+dfsg.1-0.1
2:5.5.0-1
2:5.5.0-1.1

2:6.*

2:6.11-0.1
2:6.20~b1-0.1
2:6.20-0.1~deb10u1
2:6.20-0.1~deb11u1
2:6.20-0.1
2:6.23-1~deb10u1
2:6.23-1~deb11u1
2:6.23-1~deb12u1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:11 / unrar-nonfree

Package

Name
unrar-nonfree
Purl
pkg:deb/debian/unrar-nonfree?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:6.0.3-1+deb11u3

Affected versions

3.*

3.3.6-2
3.3.6-2.0.1
3.4.3-1

1:3.*

1:3.5.2-0.1
1:3.5.2-0.2
1:3.5.4-0.1
1:3.5.4-1
1:3.5.4-1.1
1:3.7.2-1
1:3.7.3-1
1:3.7.3-1.1
1:3.7.8-1
1:3.7.8-2
1:3.8.2-1
1:3.8.4-1
1:3.8.5-1
1:3.8.5-2
1:3.9.3-1
1:3.9.5-1
1:3.9.6-1
1:3.9.7-1
1:3.9.9-1
1:3.9.10-1

1:4.*

1:4.0.2-1
1:4.0.3-1
1:4.1.4-1
1:4.2.4-0.1
1:4.2.4-0.2
1:4.2.4-0.3

1:5.*

1:5.0.10-1
1:5.2.5-1
1:5.2.7-0.1
1:5.3.2-1
1:5.4.5-1
1:5.5.5-1
1:5.5.8-1
1:5.6.6-1
1:5.6.6-2
1:5.9.4-1

1:6.*

1:6.0.3-1
1:6.0.3-1+deb11u1
1:6.0.3-1+deb11u2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / unrar-nonfree

Package

Name
unrar-nonfree
Purl
pkg:deb/debian/unrar-nonfree?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:6.2.6-1+deb12u1

Affected versions

3.*

3.3.6-2
3.3.6-2.0.1
3.4.3-1

1:3.*

1:3.5.2-0.1
1:3.5.2-0.2
1:3.5.4-0.1
1:3.5.4-1
1:3.5.4-1.1
1:3.7.2-1
1:3.7.3-1
1:3.7.3-1.1
1:3.7.8-1
1:3.7.8-2
1:3.8.2-1
1:3.8.4-1
1:3.8.5-1
1:3.8.5-2
1:3.9.3-1
1:3.9.5-1
1:3.9.6-1
1:3.9.7-1
1:3.9.9-1
1:3.9.10-1

1:4.*

1:4.0.2-1
1:4.0.3-1
1:4.1.4-1
1:4.2.4-0.1
1:4.2.4-0.2
1:4.2.4-0.3

1:5.*

1:5.0.10-1
1:5.2.5-1
1:5.2.7-0.1
1:5.3.2-1
1:5.4.5-1
1:5.5.5-1
1:5.5.8-1
1:5.6.6-1
1:5.6.6-2
1:5.9.4-1

1:6.*

1:6.0.3-1
1:6.0.4-1
1:6.0.4-2
1:6.0.5-1
1:6.0.6-1
1:6.0.7-1
1:6.0.7-2
1:6.0.7-3
1:6.0.7-4
1:6.0.7-5
1:6.0.7-6
1:6.1.2-1
1:6.1.3-1
1:6.1.3-2
1:6.1.4-1
1:6.1.5-1
1:6.1.6-1
1:6.1.6-2
1:6.1.6-3
1:6.1.7-1
1:6.1.7-2
1:6.1.7-3
1:6.1.7-4
1:6.2.1-1
1:6.2.1-2
1:6.2.2-1
1:6.2.2-2
1:6.2.3-1
1:6.2.3-2
1:6.2.5-1
1:6.2.6-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / unrar-nonfree

Package

Name
unrar-nonfree
Purl
pkg:deb/debian/unrar-nonfree?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:6.2.10-1

Affected versions

3.*

3.3.6-2
3.3.6-2.0.1
3.4.3-1

1:3.*

1:3.5.2-0.1
1:3.5.2-0.2
1:3.5.4-0.1
1:3.5.4-1
1:3.5.4-1.1
1:3.7.2-1
1:3.7.3-1
1:3.7.3-1.1
1:3.7.8-1
1:3.7.8-2
1:3.8.2-1
1:3.8.4-1
1:3.8.5-1
1:3.8.5-2
1:3.9.3-1
1:3.9.5-1
1:3.9.6-1
1:3.9.7-1
1:3.9.9-1
1:3.9.10-1

1:4.*

1:4.0.2-1
1:4.0.3-1
1:4.1.4-1
1:4.2.4-0.1
1:4.2.4-0.2
1:4.2.4-0.3

1:5.*

1:5.0.10-1
1:5.2.5-1
1:5.2.7-0.1
1:5.3.2-1
1:5.4.5-1
1:5.5.5-1
1:5.5.8-1
1:5.6.6-1
1:5.6.6-2
1:5.9.4-1

1:6.*

1:6.0.3-1
1:6.0.4-1
1:6.0.4-2
1:6.0.5-1
1:6.0.6-1
1:6.0.7-1
1:6.0.7-2
1:6.0.7-3
1:6.0.7-4
1:6.0.7-5
1:6.0.7-6
1:6.1.2-1
1:6.1.3-1
1:6.1.3-2
1:6.1.4-1
1:6.1.5-1
1:6.1.6-1
1:6.1.6-2
1:6.1.6-3
1:6.1.7-1
1:6.1.7-2
1:6.1.7-3
1:6.1.7-4
1:6.2.1-1
1:6.2.1-2
1:6.2.2-1
1:6.2.2-2
1:6.2.3-1
1:6.2.3-2
1:6.2.5-1
1:6.2.6-1
1:6.2.7-1
1:6.2.8-1
1:6.2.9-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}