Vulnerabilities > CVE-2017-14121 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 1 |
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2017/08/20/1
- http://www.openwall.com/lists/oss-security/2017/08/20/1
- https://bugs.debian.org/874061
- https://bugs.debian.org/874061
- https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html
- https://lists.debian.org/debian-lts-announce/2021/02/msg00026.html