CVE-2024-33899

RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*

History

20 Jun 2025, 17:38

Type Values Removed Values Added
First Time Rarlab winrar
Opengroup
Linux
Opengroup unix
Linux linux Kernel
Rarlab
CPE cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*
References () https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983 - () https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983 - Exploit, Third Party Advisory
References () https://www.rarlab.com/rarnew.htm - () https://www.rarlab.com/rarnew.htm - Release Notes

21 Nov 2024, 09:17

Type Values Removed Values Added
References () https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983 - () https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983 -
References () https://www.rarlab.com/rarnew.htm - () https://www.rarlab.com/rarnew.htm -

03 Jul 2024, 01:59

Type Values Removed Values Added
CWE CWE-150
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.1

21 May 2024, 17:15

Type Values Removed Values Added
Summary
  • (es) RARLAB WinRAR anterior a 7.00, en plataformas Linux y UNIX, permite a los atacantes falsificar la salida de la pantalla o provocar una denegación de servicio mediante secuencias de escape ANSI.
References
  • () https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983 -

29 Apr 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-29 00:15

Updated : 2025-06-20 17:38


NVD link : CVE-2024-33899

Mitre link : CVE-2024-33899

CVE.ORG link : CVE-2024-33899


JSON object : View

Products Affected

opengroup

  • unix

linux

  • linux_kernel

rarlab

  • winrar
CWE
CWE-150

Improper Neutralization of Escape, Meta, or Control Sequences