The vulnerability, which is identified as CVE-2023-40477, allows hackers to execute arbitrary code when a target opens a malicious RAR archive.

According to Zero Day Initiative's public warning, "this issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer." RARLAB says that the flaw is located in WinRAR's "recovery volumes processing code," but doesn't elaborate any further.

Because this specific exploit requires user interaction (you must open a malicious archive), it has received a 7.8 severity rating from the CVSS.

It isn't a "critical" vulnerability, but if you're the kind of person who downloads random RAR archives from seedy websites, you should take this very seriously. At the time of writing, there is no evidence that hackers have exploited CVE-2023-40477 in the real world, though this may change as the vulnerability has become public knowledge. For reference, RARLAB and Zero Day Initiative have only revealed the existence of this exploit - they haven't explained exactly how it is performed.

Welcome to the Chocolatey Community Package Repository! The packages found in this section of the site are provided, maintained, and moderated by the community.

Moderation

Every version of each package undergoes a rigorous moderation process before it goes live that typically includes:

- Security, consistency, and quality checking.
- Human moderators who give final review and sign off.

If you are an organization using Chocolatey, we want your experience to be fully reliable. Due to the nature of this publicly offered repository, reliability cannot be guaranteed.