Update information on old CVE-2017-11189/unrar-free

author: Salvatore Bonaccorso <carnil@debian.org> 2021-09-26 14:22:52 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-09-26 14:22:52 +0200
commit: a2f5304ad9a7bb08bda91701113f391ebb6806fe (patch)
tree: cc910a0e095e3380c9280498799b806b57a741e1 /data/CVE/list.2017
parent: 8da696b703874624553a3269c9de2b65c124f4a8 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017
index 1e57790a1e..7136e6cbdf 100644
--- a/data/CVE/list.2017
+++ b/data/CVE/list.2017
@@ -22136,8 +22136,10 @@ CVE-2017-11190 (unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled,
 	- unrar-free <unfixed> (unimportant)
 	NOTE: Affected debug code not enabled
 CVE-2017-11189 (unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a ...)
-	- unrar-free <unfixed> (unimportant)
+	- unrar-free 1:0.0.1+cvs20140707-4 (unimportant)
 	NOTE: Crash in CLI tool, no security impact
+	NOTE: https://github.com/0x09AL/my-exploits/blob/master/pocs/unrar-free/dos/DESCRIPTION
+	NOTE: Same fix as CVE-2017-14121 and possibly to be considered a duplicate
 CVE-2017-11187 (phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks t ...)
 	NOT-FOR-US: phpMyFAQ
 CVE-2017-11186
author	Salvatore Bonaccorso <carnil@debian.org>	2021-09-26 14:22:52 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-09-26 14:22:52 +0200
commit	a2f5304ad9a7bb08bda91701113f391ebb6806fe (patch)
tree	cc910a0e095e3380c9280498799b806b57a741e1 /data/CVE/list.2017
parent	8da696b703874624553a3269c9de2b65c124f4a8 (diff)