Related vulnerability
Title: rardecode security vulnerability (CVE-2025-11579)
Description: rardecode is a Go package for reading RAR files, written by the individual developer Nicholas Waples. rardecode 2.1.1 and earlier contain a security vulnerability caused by an unrestricted dictionary size: an attacker can supply a specially crafted RAR file that exhausts memory and crashes the process.
Description
Proof of Concept for CVE-2025-11579
Introduction
# PoC CVE-2025-11579
### Overview
rardecode versions `<= 2.1.1` do not restrict the dictionary size declared in a RAR archive header, so an attacker can provide a specially crafted RAR file that makes the library attempt a huge allocation and cause a Denial of Service via an Out Of Memory crash.
### Exploit
We craft a RAR file with an artificially large dictionary size, causing the library to attempt massive memory allocations and crash with an Out of Memory error.
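The root cause above is an allocation sized directly from an attacker-controlled header field. The following is an added example of the bounded-allocation check a reader should apply before trusting that field; it is not code from rardecode or from this PoC. It assumes a RAR5-style compression-information field in which bits 10-13 hold n and the window is 128 KiB << n, a constructed 64 MiB cap (`MaxDictSize`), and the function names `DictSizeFromCompInfo`, `EffectiveDictSize` and `AllocDictChecked`, all of which are this example's own.

```go
package main

import (
	"errors"
	"fmt"
)

// MaxDictSize is a constructed cap chosen for this example (64 MiB). A
// production reader would take it from the caller or from available memory.
const MaxDictSize uint64 = 64 << 20

// ErrDictTooLarge is returned instead of attempting an oversized allocation.
var ErrDictTooLarge = errors.New("declared dictionary size exceeds limit")

// DictSizeFromCompInfo decodes the dictionary size from a RAR5-style
// compression-information field, where bits 10-13 hold n and the window is
// 128 KiB << n. That layout is this example's assumption about the format;
// it is not taken from rardecode.
func DictSizeFromCompInfo(compInfo uint64) uint64 {
	n := (compInfo >> 10) & 0x0f
	return (128 << 10) << n
}

// EffectiveDictSize bounds the window a decoder actually needs. Two checks:
//  1. the declared size must not exceed the configured limit;
//  2. for a non-solid entry the window never needs to be larger than the
//     entry's unpacked size, because LZ matches only reach back into bytes
//     already produced for that entry (solid archives carry the window
//     across entries, so the second bound is skipped for them).
func EffectiveDictSize(compInfo, unpackedSize, limit uint64, solid bool) (uint64, error) {
	declared := DictSizeFromCompInfo(compInfo)
	if declared > limit {
		return 0, fmt.Errorf("%w: declared %d bytes, limit %d bytes", ErrDictTooLarge, declared, limit)
	}
	if !solid && unpackedSize < declared {
		return unpackedSize, nil
	}
	return declared, nil
}

// AllocDictChecked allocates the window only after EffectiveDictSize has
// accepted it, so a crafted header cannot drive the process out of memory.
func AllocDictChecked(compInfo, unpackedSize uint64, solid bool) ([]byte, error) {
	size, err := EffectiveDictSize(compInfo, unpackedSize, MaxDictSize, solid)
	if err != nil {
		return nil, err
	}
	return make([]byte, size), nil
}

func main() {
	// Constructed header values: n=3 declares a 1 MiB window, n=15 a 4 GiB one.
	headers := []struct {
		name     string
		compInfo uint64
	}{{"normal", 3 << 10}, {"crafted", 15 << 10}}
	for _, h := range headers {
		buf, err := AllocDictChecked(h.compInfo, 4<<20, false)
		if err != nil {
			fmt.Printf("%s entry rejected: %v\n", h.name, err)
			continue
		}
		fmt.Printf("%s entry: allocated %d-byte window\n", h.name, len(buf))
	}
}
```

The point of the design is that the rejection happens on a few bytes of header arithmetic, before any allocation: the decoder learns the window size it would need, compares it with a limit the operator controls, and fails the entry with a clear error rather than letting the Go runtime abort the whole process.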
### Exploit Steps
1. Run `go run exploit.go` against the provided `14Gb.rar` file.
<img width="980" height="401" alt="proof" src="https://github.com/user-attachments/assets/44418ebc-6ca4-4324-aa43-08abdab8d842" />
2. Run the same exploit against the provided benign `simple.rar`; it is extracted successfully.
<img width="576" height="65" alt="proof2" src="https://github.com/user-attachments/assets/31e3f57b-505e-4db5-9925-dbec204f20d3" />
File snapshot
[4.0K] /data/pocs/597e36067f6298cea0e8ef062f23fc015a641619
├── [598K] 14Gb.rar
├── [1009] exploit.go
├── [ 95] go.mod
├── [ 181] go.sum
├── [1.1K] LICENSE
├── [ 864] README.md
└── [ 87] simple.rar
1 directory, 7 files
Notes
1. Accessing the PoC through its original source is recommended.
2. If the source has gone offline or cannot be reached, send an e-mail to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for or donating toward the local POC. Thank you for your support.