Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
DoS via Out Of Memory Crash
Vulnerability Description
github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
未经控制的内存分配
Vulnerability Title
rardecode 安全漏洞
Vulnerability Description
rardecode是Nicholas Waples个人开发者的一个用于阅读RAR文件的golang包。 rardecode 2.1.1及之前版本存在安全漏洞,该漏洞源于未限制字典大小,攻击者可提供特制RAR文件导致内存耗尽崩溃。
CVSS Information
N/A
Vulnerability Type
N/A