HTTP: RARLAB WinRAR ZIP File Out-of-Bounds Read

This signature detects attempts to exploit a known vulnerability in the ZIP file parsing of RARLAB WinRAR. A successful attack can lead to arbitrary code execution.

Extended Description

This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. Crafted data in a ZIP file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Previously tracked as ZDI-CAN-19232.

Affected Products

RARLAB WinRAR

References

CVE: CVE-2022-43650

Short Name: HTTP:STC:WINRAR-ZIP-OOB
Severity: Major
Recommended: True
Recommended Action: None
Category: HTTP
Keywords: CVE-2022-43650 File Out-of-Bounds RARLAB Read WinRAR ZIP
Release Date: 09/14/2023
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3633
False Positive: Unknown
Vendors

RARLAB
