Unrar Dll
Monthly
Out-of-bounds heap write in the RAR5 recovery-volume (.rev) parser of WinRAR, RAR, UnRAR, and unrar.dll (versions before 7.23) lets an attacker corrupt heap memory when a victim runs a recovery, test, or repair operation on a crafted multi-file .rev set. Because subsequent .rev files supply a RecNum value validated only against their own TotalCount and never against the actual RecItems allocation, an attacker-controlled 32-bit value can be written far past the buffer, enabling memory corruption and potential code execution. There is no public exploit identified at time of analysis, but this is the RAR5-path sibling of the previously exploited CVE-2023-40477, and CWE-787 flaws in WinRAR have historically led to reliable RCE.
Out-of-bounds heap write in the RAR5 recovery-volume (.rev) parser of WinRAR, RAR, UnRAR, and unrar.dll (versions before 7.23) lets an attacker corrupt heap memory when a victim runs a recovery, test, or repair operation on a crafted multi-file .rev set. Because subsequent .rev files supply a RecNum value validated only against their own TotalCount and never against the actual RecItems allocation, an attacker-controlled 32-bit value can be written far past the buffer, enabling memory corruption and potential code execution. There is no public exploit identified at time of analysis, but this is the RAR5-path sibling of the previously exploited CVE-2023-40477, and CWE-787 flaws in WinRAR have historically led to reliable RCE.