cvedb.io
CVE-2022-23596
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2022-02-01T12:15:08.257 · Last modified 2026-06-17T04:30:26.593

Summary

Junrar is an open source java RAR archive library. In affected versions A carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. The problem is patched in 7.4.1. There are no known workarounds and users are advised to upgrade as soon as possible.

Affected products

junrar_project — junrar

Does this affect you?

Add your gear to cvedb and we'll alert you only when junrar_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.