Vulnerability

CVE-2022-23596

 Report advisory or correction

CVSS Score 7.5 high

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-835

References

https://github.com/junrar/junrar/issues/73
https://github.com/junrar/junrar/security/advisories/GHSA-m6cj-93v6-cvr5
https://github.com/advisories/GHSA-m6cj-93v6-cvr5
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23596

[CVE-2022-23596] CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

Description

Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. The problem is patched in 7.4.1. There are no known workarounds and users are advised to upgrade as soon as possible.

See com.github.junrar/junrar package information