CVE-2022-23596

HIGH7.5EPSS 0.36%

Junrar vulnerable to infinite loop via extracting carefully crafted RAR archive

Published: 2/1/2022Modified: 11/8/2023

Description

### Impact A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. ### Patches The problem is partially patched in 7.4.1 ### Workarounds None ### References https://github.com/junrar/junrar/issues/73 https://github.com/junrar/junrar/issues/81

Affected packages (1)

Maven/com.github.junrar:junrarfrom 0, < 7.4.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-23596
PATCHhttps://github.com/junrar/junrar
WEBhttps://github.com/junrar/junrar/commit/7b16b3d90b91445fd6af0adfed22c07413d4fab7
WEBhttps://github.com/junrar/junrar/issues/73
WEBhttps://github.com/junrar/junrar/security/advisories/GHSA-m6cj-93v6-cvr5