CVE-2017-20006: Buffer Overflow
First published: Thu Jul 01 2021(Updated: )
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| UnRAR | =5.6.1.2 | |
| UnRAR | =5.6.1.3 | |
| Linux Kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of UnRAR?
The vulnerability ID of UnRAR is CVE-2017-20006.
What is the severity rating of CVE-2017-20006?
The severity rating of CVE-2017-20006 is high.
What is the affected version of UnRAR?
The affected version of UnRAR is 5.6.1.2 and 5.6.1.3.
How does the vulnerability manifest in UnRAR?
The vulnerability manifests as a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).
Is the Linux kernel affected by this vulnerability?
No, the Linux kernel is not affected by this vulnerability.
Are there any known fixes or patches for this vulnerability?
Yes, a fix for this vulnerability has been implemented in the following commit: https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/rarlab
- canonical/unrar
- version/unrar/5.6.1.2
- version/unrar/5.6.1.3
- vendor/linux
- canonical/linux kernel