CVE-2025-11579

Summary

github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.

Affected Software

VendorProductVersion RangeStatus
nwaplesrardecode2.0.1 <= 2.1.1affected
nwaplesrardecode2.2.0unaffected

Weaknesses

  • CWE-789: CWE-789: Memory Allocation with Excessive Size Value

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References