CVE-2017-14122

Name: CVE-2017-14122
Description: unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-2567-1, ELA-368-1
Debian Bugs: 874060

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| unrar-free (PTS) | jessie, jessie (lts) | 1:0.0.1+cvs20140707-1+deb8u1 | fixed |
| | stretch (security), stretch (lts), stretch | 1:0.0.1+cvs20140707-1+deb9u1 | fixed |
| | buster, bullseye | 1:0.0.1+cvs20140707-4 | fixed |
| | bookworm | 1:0.1.3-1 | fixed |
| | sid, trixie | 1:0.3.1-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| unrar-free | source | jessie | 1:0.0.1+cvs20140707-1+deb8u1 | | ELA-368-1 | |
| unrar-free | source | stretch | 1:0.0.1+cvs20140707-1+deb9u1 | | DLA-2567-1 | |
| unrar-free | source | (unstable) | 1:0.0.1+cvs20140707-4 | unimportant | | 874060 |

Notes

https://www.openwall.com/lists/oss-security/2017/08/20/1
Crash in CLI tool, no security impact
