Published: 12/07/2007 Updated: 15/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote malicious users to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number.

Vulnerable Product	Search on Vulmon	Subscribe to Product
rarlab unrar 3.70_beta_3

Debian Bug report logs - #437703 CVE-2007-3726: crafted RAR archive may cause crash Package: unrar; Maintainer for unrar is Martin Meredith <mez@debianorg>; Source for unrar is src:unrar-nonfree (PTS, buildd, popcon) Reported by: Stefan Fritsch <sf@sfritschde> Date: Mon, 13 Aug 2007 19:09:01 UTC Severity: normal T ...

NVD-CWE-Other http://www.securityfocus.com/archive/1/473376/100/0/threaded http://securityreason.com/securityalert/2880 http://osvdb.org/39603 http://www.securityfocus.com/archive/1/475155/30/5610/threaded http://www.securityfocus.com/archive/1/473373/100/0/threaded http://www.securityfocus.com/archive/1/473371/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437703 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-3726

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect