{"id":"DEBIAN-CVE-2017-20006","details":"UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).","modified":"2025-11-20T10:13:04.865521Z","published":"2021-07-01T03:15:07.420Z","upstream":["CVE-2017-20006"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2017-20006"}],"affected":[{"package":{"name":"unrar-nonfree","ecosystem":"Debian:11","purl":"pkg:deb/debian/unrar-nonfree?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:5.6.6-1"}]}],"versions":["1:3.5.2-0.1","1:3.5.2-0.2","1:3.5.4-0.1","1:3.5.4-1","1:3.5.4-1.1","1:3.7.2-1","1:3.7.3-1","1:3.7.3-1.1","1:3.7.8-1","1:3.7.8-2","1:3.8.2-1","1:3.8.4-1","1:3.8.5-1","1:3.8.5-2","1:3.9.10-1","1:3.9.3-1","1:3.9.5-1","1:3.9.6-1","1:3.9.7-1","1:3.9.9-1","1:4.0.2-1","1:4.0.3-1","1:4.1.4-1","1:4.2.4-0.1","1:4.2.4-0.2","1:4.2.4-0.3","1:5.0.10-1","1:5.2.5-1","1:5.2.7-0.1","1:5.3.2-1","1:5.4.5-1","1:5.5.5-1","1:5.5.8-1","3.3.6-2","3.3.6-2.0.1","3.4.3-1"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2017-20006.json"}},{"package":{"name":"unrar-nonfree","ecosystem":"Debian:12","purl":"pkg:deb/debian/unrar-nonfree?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:5.6.6-1"}]}],"versions":["1:3.5.2-0.1","1:3.5.2-0.2","1:3.5.4-0.1","1:3.5.4-1","1:3.5.4-1.1","1:3.7.2-1","1:3.7.3-1","1:3.7.3-1.1","1:3.7.8-1","1:3.7.8-2","1:3.8.2-1","1:3.8.4-1","1:3.8.5-1","1:3.8.5-2","1:3.9.10-1","1:3.9.3-1","1:3.9.5-1","1:3.9.6-1","1:3.9.7-1","1:3.9.9-1","1:4.0.2-1","1:4.0.3-1","1:4.1.4-1","1:4.2.4-0.1","1:4.2.4-0.2","1:4.2.4-0.3","1:5.0.10-1","1:5.2.5-1","1:5.2.7-0.1","1:5.3.2-1","1:5.4.5-1","1:5.5.5-1","1:5.5.8-1","3.3.6-2","3.3.6-2.0.1","3.4.3-1"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2017-20006.json"}},{"package":{"name":"unrar-nonfree","ecosystem":"Debian:13","purl":"pkg:deb/debian/unrar-nonfree?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:5.6.6-1"}]}],"versions":["1:3.5.2-0.1","1:3.5.2-0.2","1:3.5.4-0.1","1:3.5.4-1","1:3.5.4-1.1","1:3.7.2-1","1:3.7.3-1","1:3.7.3-1.1","1:3.7.8-1","1:3.7.8-2","1:3.8.2-1","1:3.8.4-1","1:3.8.5-1","1:3.8.5-2","1:3.9.10-1","1:3.9.3-1","1:3.9.5-1","1:3.9.6-1","1:3.9.7-1","1:3.9.9-1","1:4.0.2-1","1:4.0.3-1","1:4.1.4-1","1:4.2.4-0.1","1:4.2.4-0.2","1:4.2.4-0.3","1:5.0.10-1","1:5.2.5-1","1:5.2.7-0.1","1:5.3.2-1","1:5.4.5-1","1:5.5.5-1","1:5.5.8-1","3.3.6-2","3.3.6-2.0.1","3.4.3-1"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2017-20006.json"}},{"package":{"name":"unrar-nonfree","ecosystem":"Debian:14","purl":"pkg:deb/debian/unrar-nonfree?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:5.6.6-1"}]}],"versions":["1:3.5.2-0.1","1:3.5.2-0.2","1:3.5.4-0.1","1:3.5.4-1","1:3.5.4-1.1","1:3.7.2-1","1:3.7.3-1","1:3.7.3-1.1","1:3.7.8-1","1:3.7.8-2","1:3.8.2-1","1:3.8.4-1","1:3.8.5-1","1:3.8.5-2","1:3.9.10-1","1:3.9.3-1","1:3.9.5-1","1:3.9.6-1","1:3.9.7-1","1:3.9.9-1","1:4.0.2-1","1:4.0.3-1","1:4.1.4-1","1:4.2.4-0.1","1:4.2.4-0.2","1:4.2.4-0.3","1:5.0.10-1","1:5.2.5-1","1:5.2.7-0.1","1:5.3.2-1","1:5.4.5-1","1:5.5.5-1","1:5.5.8-1","3.3.6-2","3.3.6-2.0.1","3.4.3-1"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2017-20006.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}