Vulnerabilities > CVE-2022-23596 - Infinite Loop vulnerability in Junrar Project Junrar

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

junrar-project

CWE-835

NVD

Published: 2022-02-01

Updated: 2022-02-04

Summary

Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. The problem is patched in 7.4.1. There are no known workarounds and users are advised to upgrade as soon as possible.

Vulnerable Configurations

Part	Description	Count
Application	Junrar_Project Junrar Project Junrar - Junrar Project Junrar 0.6 Junrar Project Junrar 0.7 Junrar Project Junrar 1.0.0 Junrar Project Junrar 1.0.1 Junrar Project Junrar 2.0.0 Junrar Project Junrar 3.0.0 Junrar Project Junrar 3.1.0 Junrar Project Junrar 3.1.1 Junrar Project Junrar 4.0.0 Junrar Project Junrar 5.0.0 Junrar Project Junrar 6.0.0 Junrar Project Junrar 6.0.1 Junrar Project Junrar 7.0.0 Junrar Project Junrar 7.1.0 Junrar Project Junrar 7.2.0 Junrar Project Junrar 7.3.0 Junrar Project Junrar 7.4.0	18

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References