CVE-2017-20006

Published: 01 July 2021

UnRAR 5.6.1.2 and 5.6.1.3 have a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: unrar-nonfree (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (5.6.1.4)
Ubuntu 21.10 (Impish Indri): Not vulnerable
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (1:5.6.6-2build1)
Ubuntu 18.04 LTS (Bionic Beaver): Needs triage
Ubuntu 16.04 ESM (Xenial Xerus): Ignored (out of standard support)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Patches:
Upstream: https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779