A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].
CVSS Details
- CVSS 3.0 Base Score: 9.8
- CVSS 3.0 Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Alpine Linux | alpine-linux-upgrade-clamav | Aug 22, 2024 | Jun 22, 2017 | |
| Amazon_linux | — | amazon-linux-upgrade-clamav | Mar 25, 2018 | Jun 22, 2017 |
| Arch Linux | arch-linux-upgrade-latest | Jul 11, 2025 | Jun 22, 2017 | |
| Debian | debian-upgrade-libclamunrardebian-upgrade-unrar-nonfree | Jun 28, 2017 | Jun 22, 2017 | |
| Gentoo Linux | gentoo-linux-upgrade-app-antivirus-clamavgentoo-linux-upgrade-app-arch-rargentoo-linux-upgrade-app-arch-unrargentoo-linux-upgrade-media-tv-kodi | Oct 30, 2017 | Jun 22, 2017 | |
| Oracle Solaris | oracle-solaris-11-3-upgrade-archiver-unrar-5-5-5-0-175-3-22-0-3-0 | Jul 19, 2017 | Jun 22, 2017 | |
| Suse | — | suse-upgrade-clamavsuse-upgrade-clamav-debuginfosuse-upgrade-clamav-debugsourcesuse-upgrade-libunrar-develsuse-upgrade-libunrar5_0_14suse-upgrade-libunrar5_5_5suse-upgrade-libunrar5_5_5-debuginfosuse-upgrade-unrarsuse-upgrade-unrar-debuginfosuse-upgrade-unrar-debugsource | Apr 26, 2018 | Jun 22, 2017 |
| Ubuntu | ubuntu-upgrade-libclamunrarubuntu-upgrade-unrar-nonfree | Nov 19, 2024 | Jun 22, 2017 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub