DEBIAN-CVE-2024-33899

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2024-33899
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-33899.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2024-33899
Upstream
Published
2024-04-29T00:15:07.773Z
Modified
2025-11-20T10:17:12.625347Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.

References

Affected packages

Debian:11

rar

Package

Name
rar
Purl
pkg:deb/debian/rar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.02-2
2.60-1
2.80-2

3.*

3.30-2

1:3.*

1:3.5.1-1
1:3.6.0-1
1:3.7b1-1
1:3.7b1-2
1:3.7.1-1
1:3.7.1-2
1:3.8b2-1
1:3.8b2-2
1:3.8b3-1
1:3.8.0-1
1:3.8.0-2
1:3.9.b2-1
1:3.9.b3-1

2:3.*

2:3.9.0-1
2:3.9.1-1
2:3.9.2-1
2:3.9.3-1

2:4.*

2:4.0.b2-1
2:4.0.b3-1
2:4.2.0-1
2:4.2.0+dfsg.1-0.1

2:5.*

2:5.2.1b2-1
2:5.3.b2-1
2:5.4.0-1
2:5.4.0+dfsg.1-0.1
2:5.5.0-1
2:5.5.0-1.1

2:6.*

2:6.11-0.1
2:6.20~b1-0.1
2:6.20-0.1~deb10u1
2:6.20-0.1~deb11u1
2:6.20-0.1
2:6.23-1~deb10u1
2:6.23-1~deb11u1
2:6.23-1~deb12u1
2:6.23-1

2:7.*

2:7.00-1
2:7.01-1~deb12u1
2:7.01-1
2:7.10~b1-1
2:7.10~b1-2
2:7.10-1
2:7.10-2
2:7.11-1
2:7.12-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-33899.json"

unrar-nonfree

Package

Name
unrar-nonfree
Purl
pkg:deb/debian/unrar-nonfree?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.3.6-2
3.3.6-2.0.1
3.4.3-1

1:3.*

1:3.5.2-0.1
1:3.5.2-0.2
1:3.5.4-0.1
1:3.5.4-1
1:3.5.4-1.1
1:3.7.2-1
1:3.7.3-1
1:3.7.3-1.1
1:3.7.8-1
1:3.7.8-2
1:3.8.2-1
1:3.8.4-1
1:3.8.5-1
1:3.8.5-2
1:3.9.3-1
1:3.9.5-1
1:3.9.6-1
1:3.9.7-1
1:3.9.9-1
1:3.9.10-1

1:4.*

1:4.0.2-1
1:4.0.3-1
1:4.1.4-1
1:4.2.4-0.1
1:4.2.4-0.2
1:4.2.4-0.3

1:5.*

1:5.0.10-1
1:5.2.5-1
1:5.2.7-0.1
1:5.3.2-1
1:5.4.5-1
1:5.5.5-1
1:5.5.8-1
1:5.6.6-1
1:5.6.6-2
1:5.9.4-1

1:6.*

1:6.0.3-1
1:6.0.3-1+deb11u1
1:6.0.3-1+deb11u2
1:6.0.3-1+deb11u3
1:6.0.4-1
1:6.0.4-2
1:6.0.5-1
1:6.0.6-1
1:6.0.7-1
1:6.0.7-2
1:6.0.7-3
1:6.0.7-4
1:6.0.7-5
1:6.0.7-6
1:6.1.2-1
1:6.1.3-1
1:6.1.3-2
1:6.1.4-1
1:6.1.5-1
1:6.1.6-1
1:6.1.6-2
1:6.1.6-3
1:6.1.7-1
1:6.1.7-2
1:6.1.7-3
1:6.1.7-4
1:6.2.1-1
1:6.2.1-2
1:6.2.2-1
1:6.2.2-2
1:6.2.3-1
1:6.2.3-2
1:6.2.5-1
1:6.2.6-1
1:6.2.7-1
1:6.2.8-1
1:6.2.9-1
1:6.2.10-1
1:6.2.10-2
1:6.2.11-1
1:6.2.12-1

1:7.*

1:7.0.1-1
1:7.0.1-2
1:7.0.2-1
1:7.0.3-1
1:7.0.4-1
1:7.0.5-1
1:7.0.6-1
1:7.0.6-1.1~exp1
1:7.0.6-1.1
1:7.0.7-1
1:7.0.8-1
1:7.0.9-1
1:7.1.1-1
1:7.1.2-1
1:7.1.2-2
1:7.1.2-3
1:7.1.3-1
1:7.1.4-1
1:7.1.4-2
1:7.1.5-1
1:7.1.5-2
1:7.1.5-3
1:7.1.6-1
1:7.1.7-1
1:7.1.8-1
1:7.1.9-1
1:7.1.10-1
1:7.1.10-2
1:7.1.10-3
1:7.2.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-33899.json"

Debian:12

rar

Package

Name
rar
Purl
pkg:deb/debian/rar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:7.01-1~deb12u1

Affected versions

2.*

2.02-2
2.60-1
2.80-2

3.*

3.30-2

1:3.*

1:3.5.1-1
1:3.6.0-1
1:3.7b1-1
1:3.7b1-2
1:3.7.1-1
1:3.7.1-2
1:3.8b2-1
1:3.8b2-2
1:3.8b3-1
1:3.8.0-1
1:3.8.0-2
1:3.9.b2-1
1:3.9.b3-1

2:3.*

2:3.9.0-1
2:3.9.1-1
2:3.9.2-1
2:3.9.3-1

2:4.*

2:4.0.b2-1
2:4.0.b3-1
2:4.2.0-1
2:4.2.0+dfsg.1-0.1

2:5.*

2:5.2.1b2-1
2:5.3.b2-1
2:5.4.0-1
2:5.4.0+dfsg.1-0.1
2:5.5.0-1
2:5.5.0-1.1

2:6.*

2:6.11-0.1
2:6.20~b1-0.1
2:6.20-0.1~deb10u1
2:6.20-0.1~deb11u1
2:6.20-0.1
2:6.23-1~deb10u1
2:6.23-1~deb11u1
2:6.23-1~deb12u1
2:6.23-1

2:7.*

2:7.00-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-33899.json"

unrar-nonfree

Package

Name
unrar-nonfree
Purl
pkg:deb/debian/unrar-nonfree?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.3.6-2
3.3.6-2.0.1
3.4.3-1

1:3.*

1:3.5.2-0.1
1:3.5.2-0.2
1:3.5.4-0.1
1:3.5.4-1
1:3.5.4-1.1
1:3.7.2-1
1:3.7.3-1
1:3.7.3-1.1
1:3.7.8-1
1:3.7.8-2
1:3.8.2-1
1:3.8.4-1
1:3.8.5-1
1:3.8.5-2
1:3.9.3-1
1:3.9.5-1
1:3.9.6-1
1:3.9.7-1
1:3.9.9-1
1:3.9.10-1

1:4.*

1:4.0.2-1
1:4.0.3-1
1:4.1.4-1
1:4.2.4-0.1
1:4.2.4-0.2
1:4.2.4-0.3

1:5.*

1:5.0.10-1
1:5.2.5-1
1:5.2.7-0.1
1:5.3.2-1
1:5.4.5-1
1:5.5.5-1
1:5.5.8-1
1:5.6.6-1
1:5.6.6-2
1:5.9.4-1

1:6.*

1:6.0.3-1
1:6.0.4-1
1:6.0.4-2
1:6.0.5-1
1:6.0.6-1
1:6.0.7-1
1:6.0.7-2
1:6.0.7-3
1:6.0.7-4
1:6.0.7-5
1:6.0.7-6
1:6.1.2-1
1:6.1.3-1
1:6.1.3-2
1:6.1.4-1
1:6.1.5-1
1:6.1.6-1
1:6.1.6-2
1:6.1.6-3
1:6.1.7-1
1:6.1.7-2
1:6.1.7-3
1:6.1.7-4
1:6.2.1-1
1:6.2.1-2
1:6.2.2-1
1:6.2.2-2
1:6.2.3-1
1:6.2.3-2
1:6.2.5-1
1:6.2.6-1
1:6.2.6-1+deb12u1
1:6.2.7-1
1:6.2.8-1
1:6.2.9-1
1:6.2.10-1
1:6.2.10-2
1:6.2.11-1
1:6.2.12-1

1:7.*

1:7.0.1-1
1:7.0.1-2
1:7.0.2-1
1:7.0.3-1
1:7.0.4-1
1:7.0.5-1
1:7.0.6-1
1:7.0.6-1.1~exp1
1:7.0.6-1.1
1:7.0.7-1
1:7.0.8-1
1:7.0.9-1
1:7.1.1-1
1:7.1.2-1
1:7.1.2-2
1:7.1.2-3
1:7.1.3-1
1:7.1.4-1
1:7.1.4-2
1:7.1.5-1
1:7.1.5-2
1:7.1.5-3
1:7.1.6-1
1:7.1.7-1
1:7.1.8-1
1:7.1.9-1
1:7.1.10-1
1:7.1.10-2
1:7.1.10-3
1:7.2.1-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-33899.json"

Debian:13

rar

Package

Name
rar
Purl
pkg:deb/debian/rar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:7.00-1

Affected versions

2.*

2.02-2
2.60-1
2.80-2

3.*

3.30-2

1:3.*

1:3.5.1-1
1:3.6.0-1
1:3.7b1-1
1:3.7b1-2
1:3.7.1-1
1:3.7.1-2
1:3.8b2-1
1:3.8b2-2
1:3.8b3-1
1:3.8.0-1
1:3.8.0-2
1:3.9.b2-1
1:3.9.b3-1

2:3.*

2:3.9.0-1
2:3.9.1-1
2:3.9.2-1
2:3.9.3-1

2:4.*

2:4.0.b2-1
2:4.0.b3-1
2:4.2.0-1
2:4.2.0+dfsg.1-0.1

2:5.*

2:5.2.1b2-1
2:5.3.b2-1
2:5.4.0-1
2:5.4.0+dfsg.1-0.1
2:5.5.0-1
2:5.5.0-1.1

2:6.*

2:6.11-0.1
2:6.20~b1-0.1
2:6.20-0.1~deb10u1
2:6.20-0.1~deb11u1
2:6.20-0.1
2:6.23-1~deb10u1
2:6.23-1~deb11u1
2:6.23-1~deb12u1
2:6.23-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-33899.json"

unrar-nonfree

Package

Name
unrar-nonfree
Purl
pkg:deb/debian/unrar-nonfree?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:7.0.3-1

Affected versions

3.*

3.3.6-2
3.3.6-2.0.1
3.4.3-1

1:3.*

1:3.5.2-0.1
1:3.5.2-0.2
1:3.5.4-0.1
1:3.5.4-1
1:3.5.4-1.1
1:3.7.2-1
1:3.7.3-1
1:3.7.3-1.1
1:3.7.8-1
1:3.7.8-2
1:3.8.2-1
1:3.8.4-1
1:3.8.5-1
1:3.8.5-2
1:3.9.3-1
1:3.9.5-1
1:3.9.6-1
1:3.9.7-1
1:3.9.9-1
1:3.9.10-1

1:4.*

1:4.0.2-1
1:4.0.3-1
1:4.1.4-1
1:4.2.4-0.1
1:4.2.4-0.2
1:4.2.4-0.3

1:5.*

1:5.0.10-1
1:5.2.5-1
1:5.2.7-0.1
1:5.3.2-1
1:5.4.5-1
1:5.5.5-1
1:5.5.8-1
1:5.6.6-1
1:5.6.6-2
1:5.9.4-1

1:6.*

1:6.0.3-1
1:6.0.4-1
1:6.0.4-2
1:6.0.5-1
1:6.0.6-1
1:6.0.7-1
1:6.0.7-2
1:6.0.7-3
1:6.0.7-4
1:6.0.7-5
1:6.0.7-6
1:6.1.2-1
1:6.1.3-1
1:6.1.3-2
1:6.1.4-1
1:6.1.5-1
1:6.1.6-1
1:6.1.6-2
1:6.1.6-3
1:6.1.7-1
1:6.1.7-2
1:6.1.7-3
1:6.1.7-4
1:6.2.1-1
1:6.2.1-2
1:6.2.2-1
1:6.2.2-2
1:6.2.3-1
1:6.2.3-2
1:6.2.5-1
1:6.2.6-1
1:6.2.7-1
1:6.2.8-1
1:6.2.9-1
1:6.2.10-1
1:6.2.10-2
1:6.2.11-1
1:6.2.12-1

1:7.*

1:7.0.1-1
1:7.0.1-2
1:7.0.2-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-33899.json"

Debian:14

rar

Package

Name
rar
Purl
pkg:deb/debian/rar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:7.00-1

Affected versions

2.*

2.02-2
2.60-1
2.80-2

3.*

3.30-2

1:3.*

1:3.5.1-1
1:3.6.0-1
1:3.7b1-1
1:3.7b1-2
1:3.7.1-1
1:3.7.1-2
1:3.8b2-1
1:3.8b2-2
1:3.8b3-1
1:3.8.0-1
1:3.8.0-2
1:3.9.b2-1
1:3.9.b3-1

2:3.*

2:3.9.0-1
2:3.9.1-1
2:3.9.2-1
2:3.9.3-1

2:4.*

2:4.0.b2-1
2:4.0.b3-1
2:4.2.0-1
2:4.2.0+dfsg.1-0.1

2:5.*

2:5.2.1b2-1
2:5.3.b2-1
2:5.4.0-1
2:5.4.0+dfsg.1-0.1
2:5.5.0-1
2:5.5.0-1.1

2:6.*

2:6.11-0.1
2:6.20~b1-0.1
2:6.20-0.1~deb10u1
2:6.20-0.1~deb11u1
2:6.20-0.1
2:6.23-1~deb10u1
2:6.23-1~deb11u1
2:6.23-1~deb12u1
2:6.23-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-33899.json"

unrar-nonfree

Package

Name
unrar-nonfree
Purl
pkg:deb/debian/unrar-nonfree?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:7.0.3-1

Affected versions

3.*

3.3.6-2
3.3.6-2.0.1
3.4.3-1

1:3.*

1:3.5.2-0.1
1:3.5.2-0.2
1:3.5.4-0.1
1:3.5.4-1
1:3.5.4-1.1
1:3.7.2-1
1:3.7.3-1
1:3.7.3-1.1
1:3.7.8-1
1:3.7.8-2
1:3.8.2-1
1:3.8.4-1
1:3.8.5-1
1:3.8.5-2
1:3.9.3-1
1:3.9.5-1
1:3.9.6-1
1:3.9.7-1
1:3.9.9-1
1:3.9.10-1

1:4.*

1:4.0.2-1
1:4.0.3-1
1:4.1.4-1
1:4.2.4-0.1
1:4.2.4-0.2
1:4.2.4-0.3

1:5.*

1:5.0.10-1
1:5.2.5-1
1:5.2.7-0.1
1:5.3.2-1
1:5.4.5-1
1:5.5.5-1
1:5.5.8-1
1:5.6.6-1
1:5.6.6-2
1:5.9.4-1

1:6.*

1:6.0.3-1
1:6.0.4-1
1:6.0.4-2
1:6.0.5-1
1:6.0.6-1
1:6.0.7-1
1:6.0.7-2
1:6.0.7-3
1:6.0.7-4
1:6.0.7-5
1:6.0.7-6
1:6.1.2-1
1:6.1.3-1
1:6.1.3-2
1:6.1.4-1
1:6.1.5-1
1:6.1.6-1
1:6.1.6-2
1:6.1.6-3
1:6.1.7-1
1:6.1.7-2
1:6.1.7-3
1:6.1.7-4
1:6.2.1-1
1:6.2.1-2
1:6.2.2-1
1:6.2.2-2
1:6.2.3-1
1:6.2.3-2
1:6.2.5-1
1:6.2.6-1
1:6.2.7-1
1:6.2.8-1
1:6.2.9-1
1:6.2.10-1
1:6.2.10-2
1:6.2.11-1
1:6.2.12-1

1:7.*

1:7.0.1-1
1:7.0.1-2
1:7.0.2-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-33899.json"