CVE-2022-23596 – com.github.junrar:junrar
Package
Manager: maven
Name: com.github.junrar:junrar
Vulnerable Version: >=0 <7.4.1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.0036 (percentile 0.57421)
Details
Junrar vulnerable to infinite loop via extracting carefully crafted RAR archive

### Impact
A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users.

### Patches
The problem is partially patched in 7.4.1

### Workarounds
None

### References
https://github.com/junrar/junrar/issues/73
https://github.com/junrar/junrar/issues/81
Metadata
Created: 2022-02-01T00:47:23Z
Modified: 2022-08-11T17:02:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-m6cj-93v6-cvr5/GHSA-m6cj-93v6-cvr5.json
CWE IDs: ["CWE-400", "CWE-835"]
Alternative ID: GHSA-m6cj-93v6-cvr5
Finding: F067
Auto approve: 1