Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2017-20006
CVE-2017-20006:
WinRAR vulnerability analysis and mitigation
Overview
CVE-2017-20006 is a heap-based buffer overflow vulnerability discovered in UnRAR versions 5.6.1.2 and 5.6.1.3. The vulnerability exists in the Unpack::CopyString function, which is called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile functions (NVD, MITRE).
Technical details
The vulnerability is classified as a heap-based buffer overflow WRITE condition that occurs in the Unpack::CopyString function when processing RAR archives. The issue was discovered through OSS-Fuzz testing and was tracked as OSV-2017-104 (OSS-Fuzz).
Impact
A heap-based buffer overflow vulnerability can potentially lead to arbitrary code execution or program crashes when processing maliciously crafted RAR archives (OSS-Fuzz).
Mitigation and workarounds
The vulnerability was fixed in a subsequent update with commit 0ff832d31470471803b175cfff4e40c1b08ee779. Users should upgrade to a version newer than 5.6.1.3 to mitigate this vulnerability (GitHub Commit).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management