Vulnerability Name: CVE-2007-3726 (CCN-35892)

Assigned: 2007-07-11
Published: 2007-07-11
Updated: 2018-10-15
Summary: Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number.
CVSS v3 Severity: 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): High
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): High
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:

Source: CCN
Type: Full-Disclosure Mailing List, Wed Jul 11 2007 - 10:46:56 CDT
Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.

Source: CCN
Type: Full-Disclosure Mailing List, Wed Jul 11 2007 - 10:32:53 CDT
Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability

Source: MITRE
Type: CNA
CVE-2007-3726

Source: CCN
Type: Kolab Security Issue 16 20070724
Kolab Server, ClamAV denial of service

Source: OSVDB
Type: UNKNOWN
39603

Source: SREASON
Type: UNKNOWN
2880

Source: CCN
Type: OSVDB ID: 39603
unrar rarvm.cpp Crafted RAR Archive Handling DoS

Source: CCN
Type: unrar Web site
WinRAR archiver, a powerful tool to process RAR and ZIP files

Source: BUGTRAQ
Type: UNKNOWN
20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.

Source: BUGTRAQ
Type: UNKNOWN
20070711 Re: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.

Source: BUGTRAQ
Type: UNKNOWN
20070711 RE: Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.

Source: BUGTRAQ
Type: UNKNOWN
20070731 FLEA-2007-0037-1 unrar

Source: XF
Type: UNKNOWN
unrar-rarvm-dos(35892)

Source: CCN
Type: ClamAV Bugzilla Bug 555
RAR Files Handling Denial of Service vulnerability

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:rarlab:unrar:3.70_beta_3:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20073726 | V | CVE-2007-3726 | 2022-05-20
oval:org.opensuse.security:def:31723 | P | Security update for chrony (Moderate) | 2021-12-22
oval:org.opensuse.security:def:32234 | P | Security update for mozilla-nss (Important) | 2021-12-06
oval:org.opensuse.security:def:42243 | P | Security update for glib-networking (Important) | 2021-12-06
oval:org.opensuse.security:def:31315 | P | Security update for clamav (Moderate) | 2021-12-01
oval:org.opensuse.security:def:32231 | P | Security update for clamav (Moderate) | 2021-12-01
oval:org.opensuse.security:def:26176 | P | Security update for speex (Moderate) | 2021-12-01
oval:org.opensuse.security:def:31304 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-11-19
oval:org.opensuse.security:def:31303 | P | Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important) | 2021-11-19
oval:org.opensuse.security:def:26162 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:26148 | P | Security update for javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags (Important) | 2021-10-15
oval:org.opensuse.security:def:33013 | P | Security update for gd (Moderate) | 2021-09-23
oval:org.opensuse.security:def:32182 | P | Security update for transfig (Moderate) | 2021-09-16
oval:org.opensuse.security:def:26118 | P | Security update for php72 (Important) | 2021-09-02
oval:org.opensuse.security:def:31670 | P | Security update for python-PyYAML (Important) | 2021-08-24
oval:org.opensuse.security:def:26104 | P | Security update for libcares2 (Important) | 2021-08-16
oval:org.opensuse.security:def:32974 | P | Security update for djvulibre (Important) | 2021-08-05
oval:org.opensuse.security:def:32147 | P | Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important) | 2021-07-21
oval:org.opensuse.security:def:32126 | P | Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important) | 2021-06-18
oval:org.opensuse.security:def:32123 | P | Security update for xterm (Important) | 2021-06-18
oval:org.opensuse.security:def:31199 | P | Security update for freeradius-server (Moderate) | 2021-06-11
oval:org.opensuse.security:def:42721 | P | unrar-3.80.2-2.8 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:26067 | P | Security update for MozillaFirefox (Important) | 2021-06-08
oval:org.opensuse.security:def:36314 | P | unrar-3.80.2-2.8 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:32090 | P | Security update for avahi (Important) | 2021-06-03
oval:org.opensuse.security:def:26065 | P | Security update for polkit (Important) | 2021-06-03
oval:org.opensuse.security:def:31613 | P | Security update for tomcat (Important) | 2021-04-29
oval:org.opensuse.security:def:32079 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-04-28
oval:org.opensuse.security:def:26025 | P | Security update for openexr (Moderate) | 2021-04-07
oval:org.opensuse.security:def:32270 | P | Security update for wpa_supplicant (Important) | 2021-03-09
oval:org.opensuse.security:def:26205 | P | Security update for openssl-1_0_0 (Moderate) | 2021-03-08
oval:org.opensuse.security:def:31734 | P | Security update for java-1_8_0-ibm (Important) | 2021-02-26
oval:org.opensuse.security:def:31331 | P | Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important) | 2021-02-10
oval:org.opensuse.security:def:32018 | P | Security update for MozillaFirefox (Critical) | 2020-12-21
oval:org.opensuse.security:def:25972 | P | Security update for postgresql12 (Important) | 2020-12-04
oval:org.opensuse.security:def:35645 | P | unrar-3.80.2-2.8 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:42052 | P | unrar-3.80.2-2.8 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35836 | P | unrar-3.80.2-2.8 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:36050 | P | unrar-3.80.2-2.8 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:42457 | P | unrar-3.80.2-2.8 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:31125 | P | Security update for kvm (Important) | 2020-12-01
oval:org.opensuse.security:def:31480 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32761 | P | pam on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31969 | P | Security update for ipsec-tools (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32336 | P | Security update for sane-backends (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31516 | P | Security update for quagga (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32556 | P | libmysqlclient15-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31866 | P | Security update for curl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25928 | P | Security update for pcre (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25272 | P | Security update for vino (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25622 | P | Security update for wavpack (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26835 | P | unrar on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25398 | P | Security update for tigervnc (Critical) | 2020-12-01
oval:org.opensuse.security:def:25728 | P | Security update for python-cffi, python-cryptography (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26278 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:27013 | P | perl-Tk on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25600 | P | Security update for java-1_8_0-ibm (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25884 | P | Security update for lhasa (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26229 | P | Security update for xawtv (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26639 | P | star on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25863 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26440 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:31889 | P | Security update for evince (Important) | 2020-12-01
oval:org.opensuse.security:def:31567 | P | Security update for squid3 (Important) | 2020-12-01
oval:org.opensuse.security:def:32057 | P | Security update for kvm (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32800 | P | unrar on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31517 | P | Security update for quagga (Important) | 2020-12-01
oval:org.opensuse.security:def:31826 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:32600 | P | quagga on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31780 | P | Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important) | 2020-12-01
oval:org.opensuse.security:def:31998 | P | Security update for jpeg (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32390 | P | Security update for tomcat6 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25196 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:25400 | P | Security update for bcm43xx-firmware (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25773 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:25462 | P | Security update for squid (Important) | 2020-12-01
oval:org.opensuse.security:def:25812 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:26317 | P | Security update for chromium (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27048 | P | unrar on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25611 | P | Security update for java-1_8_0-openjdk (Important) | 2020-12-01
oval:org.opensuse.security:def:25941 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:26542 | P | evolution-data-server on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27277 | P | python-imaging on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25864 | P | Security update for php5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26493 | P | Security update for phpMyAdmin (Important) | 2020-12-01
oval:org.opensuse.security:def:31933 | P | Security update for glibc (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31113 | P | Security update for krb5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31389 | P | Security update for orca (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31757 | P | Security update for LibVNCServer (Important) | 2020-12-01
oval:org.opensuse.security:def:31528 | P | Security update for ruby (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31883 | P | Security update for dnsmasq (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32495 | P | clamav on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33238 | P | procmail on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31781 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:32446 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:26610 | P | log4net on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25197 | P | Security update for gnuplot (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25481 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:25826 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:25386 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:25590 | P | Security update for dovecot22 (Important) | 2020-12-01
oval:org.opensuse.security:def:25963 | P | Security update for ImageMagick (Important) | 2020-12-01
oval:org.opensuse.security:def:26331 | P | Security update for Chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:25675 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:26581 | P | libadns1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27312 | P | unrar on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25875 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:31828 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:32571 | P | libvirt on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31114 | P | Security update for krb5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31423 | P | Security update for php53 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31779 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:31521 | P | Security update for rsync (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31913 | P | Security update for gcc5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32292 | P | Security update for postgresql94 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31602 | P | Security update for tomcat6 | 2020-12-01
oval:org.opensuse.security:def:31970 | P | Security update for ipsec-tools (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32534 | P | kde4-kgreeter-plugins on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33277 | P | unrar on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31792 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:25914 | P | Security update for firebird (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26645 | P | unrar on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25208 | P | Security update for python3-requests (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25538 | P | Security update for perl (Important) | 2020-12-01
oval:org.opensuse.security:def:26800 | P | pango on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25387 | P | Security update for shim (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25671 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:26016 | P | Security update for ImageMagick (Important) | 2020-12-01
oval:org.opensuse.security:def:26375 | P | Security update for Chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:25599 | P | Security update for apache2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25803 | P | Security update for flash-player (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26595 | P | libopenssl0_9_8 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25939 | P | Security update for gstreamer-0_10-plugins-base (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26289 | P | Security update for sane-backends (Important) | 2020-12-01
oval:org.opensuse.security:def:31867 | P | Security update for curl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32610 | P | unrar on GA media (Moderate) | 2020-12-01
    rarlab unrar 3.70_beta_3