Home > Vulnerability Database > CVE-2023-40477

Mend.io Vulnerability Database

CVE-2023-40477

Date: May 2, 2024

RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21233.

Severity Score

7.8

Related Resources (5)

Url: https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa

Url: https://security-tracker.debian.org/tracker/CVE-2023-40477

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-40477

Url: https://www.zerodayinitiative.com/advisories/ZDI-23-1152/

Url: https://www.mend.io/vulnerability-database/CVE-2023-40477

Severity Score

7.8

Weakness Type (CWE)

Improper Validation of Array Index

CWE-129

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-40477

Date: May 2, 2024

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?