CVE-2022-23596: Loop with Unreachable Exit Condition ('Infinite Loop')

February 1, 2022 (updated February 4, 2022)

Junrar is an open source java RAR archive library. The impact depends solely on how the application uses the library, and whether files can be provided by malignant users. The problem is patched There are no known workarounds and users are advised to upgrade as soon as possible.

References

github.com/junrar/junrar/commit/7b16b3d90b91445fd6af0adfed22c07413d4fab7
github.com/junrar/junrar/issues/73
github.com/junrar/junrar/security/advisories/GHSA-m6cj-93v6-cvr5
nvd.nist.gov/vuln/detail/CVE-2022-23596

Detect and mitigate CVE-2022-23596 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →