Update information on old CVE-2017-11189/unrar-free

author: Salvatore Bonaccorso <carnil@debian.org> 2021-09-26 14:22:52 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-09-26 14:22:52 +0200
commit: f9fc85be7b9373be8df783aacff6b92e4c80f1f2 (patch)
tree: 76267bd1716f145f3ad98980d40ff2f6ffcb1bb4 /data/CVE/2017.list
parent: 1d1c9d9cc33f76199c48561240bdaf57663d9a2b (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 1e57790a1e..7136e6cbdf 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -22136,8 +22136,10 @@ CVE-2017-11190 (unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled,
 	- unrar-free <unfixed> (unimportant)
 	NOTE: Affected debug code not enabled
 CVE-2017-11189 (unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a ...)
-	- unrar-free <unfixed> (unimportant)
+	- unrar-free 1:0.0.1+cvs20140707-4 (unimportant)
 	NOTE: Crash in CLI tool, no security impact
+	NOTE: https://github.com/0x09AL/my-exploits/blob/master/pocs/unrar-free/dos/DESCRIPTION
+	NOTE: Same fix as CVE-2017-14121 and possibly to be considered a duplicate
 CVE-2017-11187 (phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks t ...)
 	NOT-FOR-US: phpMyFAQ
 CVE-2017-11186
author	Salvatore Bonaccorso <carnil@debian.org>	2021-09-26 14:22:52 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-09-26 14:22:52 +0200
commit	f9fc85be7b9373be8df783aacff6b92e4c80f1f2 (patch)
tree	76267bd1716f145f3ad98980d40ff2f6ffcb1bb4 /data/CVE/2017.list
parent	1d1c9d9cc33f76199c48561240bdaf57663d9a2b (diff)