CVE-2012-6706
Description
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the DestPos variable, which allows the attacker to write out of bounds when setting Mem[DestPos].
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.803
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2018:0809-1 (SUSE Linux Enterprise Desktop 12-SP2) clamav-0.99.4-33.9.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0809-1 (SUSE Linux Enterprise Desktop 12-SP2) clamav-debuginfo-0.99.4-33.9.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0809-1 (SUSE Linux Enterprise Desktop 12-SP2) clamav-debugsource-0.99.4-33.9.1.x86_64.rpm | Linux |
| SUSE-SU-2018:0862-1 (SUSE Linux Enterprise Server 11-SP4) unrar-5.6.1-5.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2834-1 (SUSE Linux Enterprise Server 12-SP5) unrar-5.6.1-4.5.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2834-1 (SUSE Linux Enterprise Server 12-SP5) unrar-debuginfo-5.6.1-4.5.1.x86_64.rpm | Linux |
| SUSE-SU-2021:2834-1 (SUSE Linux Enterprise Server 12-SP5) unrar-debugsource-5.6.1-4.5.1.x86_64.rpm | Linux |
| CVE-2012-6706 affects threat_detection_engine 3.36.2 | NCM |
Patch Details
No records found