VULHUB ™

WinRAR is prone to a weakness that may allow malicious parties to misrepresent the size of compressed files. This issue occurs because WinRAR trusts values in the .rar header without adequately verifying the actual file size. This presents a security threat because a user may expect that a compressed file is a certain size and decompress it based on this assumption. UnRar is also prone to this issue. The UnRar add-on is available for a number of operating systems, including Unix/Linux derivatives and may be invoked automatically by various virus scanners. This could pose an additional attack vector which does not require user interaction to exploit. There have been conflicting reports as to whether WinRar 3.20 is vulnerable to this issue or not.

WinRAR is prone to a weakness that may allow malicious parties to misrepresent the size of compressed files. This issue occurs because WinRAR trusts values in the .rar header without adequately verifying the actual file size. This presents a security threat because a user may expect that a compressed file is a certain size and decompress it based on this assumption. UnRar is also prone to this issue. The UnRar add-on is available for a number of operating systems, including Unix/Linux derivatives and may be invoked automatically by various virus scanners. This could pose an additional attack vector which does not require user interaction to exploit. There have been conflicting reports as to whether WinRar 3.20 is vulnerable to this issue or not.