GHSA-m6cj-93v6-cvr5

Suggest an improvement
Source
https://github.com/advisories/GHSA-m6cj-93v6-cvr5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-m6cj-93v6-cvr5/GHSA-m6cj-93v6-cvr5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m6cj-93v6-cvr5
Aliases
Published
2022-02-01T00:47:23Z
Modified
2023-11-08T04:08:24.452888Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Junrar vulnerable to infinite loop via extracting carefully crafted RAR archive
Details

Impact

A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users.

Patches

The problem is partially patched in 7.4.1

Workarounds

None

References

https://github.com/junrar/junrar/issues/73

https://github.com/junrar/junrar/issues/81

References

Affected packages

Maven / com.github.junrar:junrar

Package

Name
com.github.junrar:junrar
View open source insights on deps.dev
Purl
pkg:maven/com.github.junrar/junrar

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.4.1

Affected versions

0.*

0.7

1.*

1.0.0
1.0.1

2.*

2.0.0

3.*

3.0.0
3.1.0

4.*

4.0.0

5.*

5.0.0

6.*

6.0.0
6.0.1

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0