CVE-2024-33899

Published: Apr 29, 2024Modified: Jun 20, 2025

7.1

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.

Affected (1)

Products: Rarlab: Winrar

Rarlab

1 product

Winrar

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Rarlab Winrar	Before 7.00

Running on/with	Platform Versions
Linux Linux Kernel	All versions
Opengroup Unix	All versions

Related CWEs

CWE-150

Improper Neutralization of Escape, Meta, or Control Sequences

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.

References (4)

https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.rarlab.com/rarnew.htm

Source: cve@mitre.org

Release Notes

https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.rarlab.com/rarnew.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.