logo

Database

Inappropriate coding practices In com.github.junrar:junrar

Description

Junrar vulnerable to Infinite Loop Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-124182. NVD-2018-124183. OSV-2018-124184. GHSA-5xqr-grq4-qwgx5. GCVE-2018-12418

References

1. https://github.com/junrar/junrar/pull/82. https://github.com/junrar/junrar/commit/ad8d0ba8e155630da8a1215cee3f253e0af458173. https://github.com/tafamace/CVE-2018-12418

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.