
WinRAR 7.23 fixes security vulnerabilities, updates 7z library & enhances version display
WinRAR 7.23 has been released for Windows, delivering the latest update to this widely used file archiver and compression utility. This version addresses two major security vulnerabilities affecting multiple extraction tools. A heap overflow vulnerability present in the RAR5 recovery volume reconstruction code has been resolved, which previously impacted WinRAR, RAR, and UnRAR. Additionally, extraction code now prevents the placement of files through symbolic links pointing outside the destination folder, closing a potential path traversal attack vector in WinRAR, RAR, and UnRAR.
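The symbolic link issue described above can be checked for on an archive listing before anything is written to disk. The following is an added example, not code from WinRAR or this article; the entry tuple format, the function names, the POSIX-style separators and the hop limit are assumptions made for illustration.

```python
import posixpath

MAX_HOPS = 40  # assumed cap on chained links, so link loops terminate


def _parts(path):
    return [c for c in path.split("/") if c not in ("", ".")]


def resolve(rel_path, links):
    """Follow recorded symlinks while walking rel_path inside a virtual
    destination root. Returns the resolved root-relative path, or None
    if the walk leaves the root."""
    pending, done, hops = _parts(rel_path), [], 0
    while pending:
        part = pending.pop(0)
        if part == "..":
            if not done:
                return None              # climbed above the destination
            done.pop()
            continue
        done.append(part)
        target = links.get("/".join(done))
        if target is not None:
            hops += 1
            if hops > MAX_HOPS or target.startswith("/"):
                return None              # link loop, or absolute target
            done.pop()                   # the link is replaced by its target,
            pending = _parts(target) + pending  # relative to the link's folder
    return "/".join(done)


def audit(entries):
    """entries: (path, kind, link_target) tuples in archive order, kind being
    'file', 'dir' or 'symlink'. Returns the paths that would be written
    outside the destination folder."""
    links, rejected = {}, []
    for path, kind, target in entries:
        parent, name = posixpath.split(path.rstrip("/"))
        real_parent = resolve(parent, links)
        if real_parent is None or name in ("", ".."):
            rejected.append(path)
            continue
        real = posixpath.join(real_parent, name) if real_parent else name
        if kind == "symlink":
            links[real] = target         # judged when something is written through it
        elif resolve(real, links) is None:
            rejected.append(path)        # final component is an escaping link
    return rejected


SAMPLE = [  # constructed listing, not taken from a real archive
    ("docs/readme.txt", "file", None), ("docs/cache", "symlink", "../../outside"),
    ("docs/cache/payload.txt", "file", None), ("inner", "symlink", "docs"),
    ("inner/notes.txt", "file", None)]
```

Links that stay inside the destination, such as `inner` in the sample, are followed and allowed; only the entry routed through `docs/cache` is reported.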
Building on these security enhancements, the bundled 7zxa.dll extraction library has been updated to version 26.02. This update incorporates recent bug and vulnerability fixes made by the upstream library developer, providing further reliability and safety when handling 7z archives.
For users relying on the command-line interface, the -iver switch has been improved: it now prints the RAR version even when the -idc option is specified, whether on the command line or via configuration or environment variables. Additionally, the -iver output now includes a newline character for improved readability in scripts and logs.


