WinRAR Updates
#25
Information 
Quote:WinRAR 7.23 (stable release)

Version 7.23

1. Heap overflow vulnerability is fixed in RAR5 recovery volume
data reconstruction code. It affects WinRAR, RAR and UnRAR.
UnRAR.dll library doesn't include recovery volume processing,
so it is not affected.

We are thankful to Arjun Basnet from Securin Labs for letting us know
about this security issue.

2. Symbolic link pointing outside of destination folder could be created
even without -ola switch, when extracting a specially crafted
RAR archive by WinRAR, RAR, UnRAR or UnRAR.dll library.

Further check in extraction code prevents placing files to such folder
even in case of multiple extraction commands, excluding the possibility
of path traversal attack for WinRAR, RAR or UnRAR based extraction.
It limits the potential threat to a case where another tool uses this
symbolic link to store files.

We are thankful to scofaild23-bnomran for letting us know about this
security issue.

3. 7zxa.dll 7z extraction library is updated to version 26.02 to include
bug and vulnerability fixes by the library developer.

4. Switch -iver prints RAR version even if -idc is specified
in the command line, configuration file or RARINISWITCHES environment
variable. Previously -idc blocked -iver action.

Also a new line character is added to -iver output.

WinRAR archiver, a powerful tool to process RAR and ZIP files

Download: WinRAR and RAR archiver downloads
Reply


Messages In This Thread
WinRAR Updates - by grr - 26 October 17, 12:47
RE: WinRAR Updates - by jasonX - 01 October 18, 18:19
RE: WinRAR Updates - by silversurfer - 26 February 19, 12:31
WinRAR 5.80 - by harlan4096 - 11 December 19, 12:09
WinRAR 5.90 - by harlan4096 - 30 March 20, 11:20
WinRAR 5.91 - by harlan4096 - 01 July 20, 06:28
WinRAR 6.00 - by harlan4096 - 08 December 20, 10:59
WinRAR 6.01 / 6.01 Beta 1 - by harlan4096 - 12 April 21, 16:25
RE: WinRAR Updates - by silversurfer - 14 June 21, 11:34
WinRAR 6.10 - by harlan4096 - 24 January 22, 16:05
WinRAR 6.11 - by harlan4096 - 04 March 22, 09:00
WinRAR 6.20 / 6.21 Beta 1 - by harlan4096 - 25 January 23, 08:47
WinRAR 6.21 - by harlan4096 - 20 February 23, 16:52
WinRAR 6.22 - by harlan4096 - 02 June 23, 08:36
WinRAR 6.24 / 6.24 Beta 1 - by harlan4096 - 06 October 23, 08:54
WinRAR 7.00 - by harlan4096 - 28 February 24, 16:30
RE: WinRAR Updates - by jasonX - 29 February 24, 05:25
WinRAR 7.01 - by harlan4096 - 15 May 24, 08:49
WinRAR 7.10 (stable version) - by harlan4096 - 18 February 25, 11:56
WinRAR 7.11 (stable version) - by harlan4096 - 24 March 25, 11:13
WinRAR 7.12 (stable) - by harlan4096 - 26 June 25, 07:28
WinRAR 7.13 (stable release) - by harlan4096 - 31 July 25, 06:50
WinRAR 7.20 - by harlan4096 - 04 February 26, 10:27
WinRAR 7.21 (stable release) - by harlan4096 - 30 April 26, 08:18
WinRAR 7.23 - by harlan4096 - 7 hours ago

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Kali Linux 2026.2 Released With 9 New To...
Offensive Security...harlan4096 — 08:28
INTEL Arc Graphics 32.0.101.8860 driver
INTEL Arc Graphics...harlan4096 — 08:19
Thunderbird 152.0.1 & Thunderbird 140.12...
Thunderbird 152.0....harlan4096 — 07:59
ESET 19.2.7.0
Changes in 19.2.7....harlan4096 — 07:45
Mozilla Firefox Browser 152.0.4
Mozilla Firefox Br...harlan4096 — 07:44

[-]
Birthdays
Today's Birthdays
avatar (43)uapedDow
avatar (47)suiscced
avatar (48)Angarpaf
avatar (41)clarissalo60
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (41)optsaZes
avatar (40)RaymondViata
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>