RAR and UnRAR: User-assisted execution of arbitrary code

RAR and UnRAR: User-assisted execution of arbitrary code An integer overflow in RAR and UnRAR might allow remote attackers to execute arbitrary code. rar,unrar 2017-08-21 2017-08-21 622342 622382 remote 5.5.0_beta4_p20170628 5.5.0_beta4_p20170628 5.5.5 5.5.5

RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files.

A VMSF_DELTA memory corruption was discovered in which an integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the “DestPos” variable which allows writing out of bounds when setting Mem[DestPos].

A remote attacker, by enticing a user to open a specially crafted archive, could execute arbitrary code with the privileges of the process.

There is no known workaround at this time.

All RAR users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=app-arch/rar-5.5.0_beta4_p20170628"

All UnRAR users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=app-arch/unrar-5.5.5"

CVE-2012-6706 whissi b-man