CVE-2022-23596 in Junrarinformation

Résumé

par MITRE • 01/02/2022

Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. The problem is patched in 7.4.1. There are no known workarounds and users are advised to upgrade as soon as possible.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

GitHub, Inc.

Réserver

19/01/2022

Divulgation

01/02/2022

Modérer

accepté

Entrée

VDB-192052

CPE

prêt

CWE

CWE-835 (confirmé)

CVSS

7.5 (NVD)

EPSS

0.00360

KEV

non

Activités

très faible

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2022-23596
NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-23596
CVE Details	https://www.cvedetails.com/cve/CVE-2022-23596/

◂ Précédent Aperçu Suivant ▸

Interested in the pricing of exploits?

See the underground prices here!