
A carefully crafted RAR archive can trigger an infinite loop while extracting

Low
gotson published GHSA-m6cj-93v6-cvr5 Jan 31, 2022

Package

com.github.junrar:junrar (Maven)

Affected versions

<7.5.3

Patched versions

7.5.3

Description

Impact

A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malicious users.
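
One way an application that accepts RAR files from untrusted users can bound the effect of such a loop, as an added example (not junrar's or the advisory's own code): run the extraction in a child JVM and kill it after a deadline, since a Java thread spinning in a loop that never checks for interruption cannot be stopped from inside the same process. The class name `BoundedRarExtract`, the 256 MB heap limit and the deadline parameter are assumptions; this contains the hang and does not replace upgrading to the patched version.

```java
import com.github.junrar.Junrar;

import java.io.File;
import java.nio.file.Path;
import java.util.List;
import java.util.concurrent.TimeUnit;

/** Added example (hypothetical class): extract an untrusted RAR in a child JVM with a deadline. */
public final class BoundedRarExtract {

    /** Child entry point, args = archive path, destination directory. Runs only in the child JVM. */
    public static void main(String[] args) throws Exception {
        // If this call never returns, only the child process is stuck, not the application.
        Junrar.extract(new File(args[0]), new File(args[1]));
    }

    /**
     * Parent side. Returns true only if the child finished within the deadline
     * and exited with status 0; a hung or failed extraction returns false.
     */
    public static boolean extractWithDeadline(Path archive, Path dest, long seconds)
            throws Exception {
        // Reuse the current JVM binary and class path so the child can load junrar.
        String java = Path.of(System.getProperty("java.home"), "bin", "java").toString();

        Process child = new ProcessBuilder(List.of(
                java,
                "-Xmx256m",                                   // assumed heap cap for the child
                "-cp", System.getProperty("java.class.path"),
                BoundedRarExtract.class.getName(),
                archive.toString(),
                dest.toString()))
                .redirectErrorStream(true)
                .redirectOutput(ProcessBuilder.Redirect.DISCARD) // avoid blocking on a full pipe
                .start();

        if (!child.waitFor(seconds, TimeUnit.SECONDS)) {
            // Deadline passed: the child is still extracting (or looping). Kill it.
            child.destroyForcibly().waitFor();
            return false;
        }
        return child.exitValue() == 0;
    }
}
```

When `extractWithDeadline` returns false, the destination directory may hold partially extracted files and should be discarded.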

Patches

The problem is partially patched in 7.4.1.

Workarounds

None

References

#73

#81

Severity

Low

CVE ID

CVE-2022-23596

Weaknesses

No CWEs
