logo

Database

Improper resource allocation In com.github.junrar:junrar

Description

Junrar vulnerable to infinite loop via extracting carefully crafted RAR archive

Impact

A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users.

Patches

The problem is partially patched in 7.4.1

Workarounds

None

References

https://github.com/junrar/junrar/issues/73

https://github.com/junrar/junrar/issues/81

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2022-235962. NVD-2022-235963. OSV-2022-235964. GHSA-m6cj-93v6-cvr55. GCVE-2022-23596

References

1. https://github.com/junrar/junrar/security/advisories/GHSA-m6cj-93v6-cvr52. https://github.com/junrar/junrar/issues/733. https://github.com/junrar/junrar/commit/7b16b3d90b91445fd6af0adfed22c07413d4fab7

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.