WinRAR 7.23 Fixes Heap Overflow Vulnerability that Leads to Application Crashes

WinRAR 7.23 addresses a newly disclosed heap overflow vulnerability in the RAR5 recovery volume processing code, tracked as CVE-2026-14191, closing a memory-corruption flaw that could be triggered by malicious recovery volume (.rev) data and potentially lead to application crashes or further exploitation.

WinRAR 7.23 is a security-focused maintenance release that primarily fixes two vulnerabilities impacting archive handling and extraction safety.

The most critical issue is a heap overflow in the RAR5 recovery volume data reconstruction logic, which affects WinRAR, command-line RAR, and UnRAR components.

In this release, the vendor also hardens symbolic link handling during extraction to mitigate path-traversal risks and updates the bundled 7z extraction library to incorporate upstream security fixes.

WinRAR 7.23 Fixes RAR5 Heap Overflow Vulnerability

The CVE-2026-14191 heap overflow vulnerability resides in code that reconstructs data from RAR5 recovery volumes, the special .rev files used to repair damaged or missing volumes of multi-volume archives.

According to WinRAR’s changelog, specially crafted RAR5 recovery volume data could cause out-of-bounds writes on the heap when processed, corrupting in-memory structures and destabilizing WinRAR, RAR, and UnRAR binaries.

Notably, the UnRAR.dll library distributed by RARLAB does not implement recovery volume processing, so it is not directly affected by this specific flaw.

The issue has been credited to security researcher Arjun Basnet from Securin Labs, reflecting continued scrutiny of archive-processing code due to its integration in third-party applications and mail gateways.

From an exploitation perspective, an attacker would need to convince a user or an application to process malicious RAR5 recovery volumes alongside a target archive, for example by distributing crafted .rev files bundled with legitimate content.

Successful exploitation could lead to denial-of-service via WinRAR crashes, and depending on allocator behavior and surrounding mitigations, might be chainable with other bugs toward arbitrary code execution.

This type of vulnerability is particularly relevant in environments where UnRAR or RAR is embedded as a backend tool, such as email servers, backup systems, or file-processing pipelines, because automated recovery operations may be triggered without the user’s direct awareness.

Given past real-world exploitation of WinRAR bugs in financially motivated campaigns, keeping archive utilities patched is now a common hardening requirement in enterprise environments.

Beyond the heap overflow, WinRAR 7.23 tightens the handling of symbolic links that point outside the destination folder. Previously, a crafted archive could create symlinks leading to external paths even without the -ola option enabled, and a later entry or a later extraction run could then write files through such a link, landing them outside the destination.

The updated extraction logic now refuses to place files via such links, including across multiple extraction operations, effectively blocking this class of path-traversal scenario in WinRAR, RAR, and UnRAR-based extraction workflows.
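As an added illustration of the check described above (example code written for this page, not RARLAB's implementation), the extractor below works on a constructed entry list standing in for an archive. It rejects link targets that resolve outside the destination and refuses any file write whose parent path passes through a symlink, including a link left behind by an earlier extraction. The entry names, the `safe_extract` helper and the temporary directory layout are all assumptions made for the demo.

```python
import os
import tempfile


def crafted_entries(outside_dir):
    """Constructed archive listing (not a real RAR volume): a benign file,
    two symlinks escaping the destination, a file routed through one of
    them, a '..' traversal, and one legitimate in-tree symlink."""
    return [
        {"name": "docs/readme.txt", "kind": "file", "data": b"hello\n"},
        {"name": "docs/out", "kind": "symlink", "target": outside_dir},
        {"name": "docs/out/pwned.txt", "kind": "file", "data": b"owned\n"},
        {"name": "../escape.txt", "kind": "file", "data": b"owned\n"},
        {"name": "docs/rel", "kind": "symlink", "target": "../../../etc"},
        {"name": "docs/ok", "kind": "symlink", "target": "readme.txt"},
    ]


def _inside(path, root):
    """True if the fully resolved path lies under the resolved root."""
    root = os.path.realpath(root)
    return os.path.commonpath([root, os.path.realpath(path)]) == root


def safe_extract(entries, dest):
    """Write entries under dest. Refuses names that traverse upward,
    symlinks whose target resolves outside dest, and any write whose
    parent directory resolves outside dest (i.e. passes through a link,
    including one created by an earlier extraction). Returns a list of
    (name, outcome) pairs."""
    dest = os.path.realpath(dest)
    report = []
    for e in entries:
        name = e["name"]
        parts = name.replace("\\", "/").split("/")
        # Lexical check: no absolute names, no '..', no empty components.
        if os.path.isabs(name) or any(p in ("", ".", "..") for p in parts):
            report.append((name, "rejected: unsafe archive name"))
            continue
        full = os.path.join(dest, *parts)
        parent = os.path.dirname(full)
        # Resolve the parent before touching the filesystem: if any
        # component is a symlink that leaves dest, nothing may be created
        # or written beneath it.
        if not _inside(parent, dest):
            report.append((name, "rejected: parent escapes destination"))
            continue
        os.makedirs(parent, exist_ok=True)
        if os.path.islink(full):
            report.append((name, "rejected: target path is a symlink"))
            continue
        if e["kind"] == "symlink":
            target = e["target"]
            if os.path.isabs(target) or not _inside(os.path.join(parent, target), dest):
                report.append((name, "rejected: symlink leaves destination"))
                continue
            os.symlink(target, full)
            report.append((name, "linked"))
        else:
            # O_NOFOLLOW closes the race where the leaf becomes a link
            # between the islink() check and the open.
            flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
            fd = os.open(full, flags, 0o644)
            with os.fdopen(fd, "wb") as fh:
                fh.write(e["data"])
            report.append((name, "written"))
    return report


def run_demo():
    """Simulate a link left behind by an earlier, unhardened extraction,
    then run the hardened extractor over the crafted listing. Returns the
    report, whatever leaked into the outside directory, and readme bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "dest")
        outside = os.path.join(tmp, "outside")
        os.makedirs(os.path.join(dest, "docs"))
        os.makedirs(outside)
        # Stale escaping link from a previous extraction operation.
        os.symlink(outside, os.path.join(dest, "docs", "stale"))
        entries = crafted_entries(outside) + [
            {"name": "docs/stale/pwned2.txt", "kind": "file", "data": b"owned\n"},
        ]
        report = safe_extract(entries, dest)
        leaked = sorted(os.listdir(outside))
        with open(os.path.join(dest, "docs", "readme.txt"), "rb") as fh:
            readme = fh.read()
        return report, leaked, readme


if __name__ == "__main__":
    for name, outcome in run_demo()[0]:
        print(f"{name}: {outcome}")
```

Note that `docs/out/pwned.txt` is still written, but into a real directory created under the destination because the escaping link `docs/out` was refused first; the write through the pre-existing `docs/stale` link is the cross-operation case and is rejected outright.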

According to RARLAB, WinRAR 7.23 updates the integrated 7zxa.dll library to version 26.02, incorporating upstream 7-Zip bug fixes and security patches to improve the safe handling of 7z archives.

Users and administrators should update WinRAR, RAR, and UnRAR to version 7.23 or later, especially on systems that process untrusted archives or recovery volumes from the internet, email, or shared storage.

Organizations embedding UnRAR or RAR in server-side workflows should verify that bundled binaries have been upgraded, and consider monitoring for suspicious or unexpected RAR5 recovery volumes in logs and content filters as a preventive measure.

The post WinRAR 7.23 Fixes Heap Overflow Vulnerability that Leads to Application Crashes appeared first on Cyber Security News.

Abinaya