Vulnerability in N/a
CVE-2023-38831
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also…
EPSS: 0.939 (99.9th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known ransomware campaign use: yes.
Public proof-of-concept exploits
- b1tg/CVE-2023-38831-winrar-exploit
- Garck3h/cve-2023-38831
- ignis-sec/CVE-2023-38831-RaRCE
- BoredHackerBlog/winrar_CVE-2023-38831_lazy_poc
- HDCE-inc/CVE-2023-38831
- knight0x07/WinRAR-Code-Execution-Vulnerability-CVE-2023-38831
- Maalfer/CVE-2023-38831_ReverseShell_Winrar-RCE
- xaitax/WinRAR-CVE-2023-38831
- MorDavid/CVE-2023-38831-Winrar-Exploit-Generator-POC
- ahmed-fa7im/CVE-2023-38831-winrar-expoit-simple-Poc
References
- www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
- www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to…
- news.ycombinator.com/item
- packetstormsecurity.com/files/174573/WinRAR-Remote-Code-Execution.html
- blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vu…
Frequently asked questions
- What is CVE-2023-38831?
- CVE-2023-38831 is a vulnerability in N/a. Published 2023-08-23.
- Is CVE-2023-38831 known to be exploited?
- Yes. CVE-2023-38831 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2023-08-24), indicating it is being actively exploited. 167 public proof-of-concept repositories are indexed.