CVE-2022-23596
HIGH 7.5 | EPSS 0.36%
Junrar vulnerable to infinite loop via extracting carefully crafted RAR archive
Published: 2022/2/1 | Modified: 2023/11/8
Description
### Impact
A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users.

### Patches
The problem is partially patched in 7.4.1.

### Workarounds
None

### References
- https://github.com/junrar/junrar/issues/73
- https://github.com/junrar/junrar/issues/81
Affected packages (1)
- Maven/com.github.junrar:junrar from 0, < 7.4.1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |