WinRAR 7.23 fixes security vulnerabilities, updates 7z library & enhances version display

WinRAR 7.23 fixes security vulnerabilities, updates 7z library & enhances version display

WinRAR 7.23 has been released for Windows, delivering the latest update to this widely used file archiver and compression utility. This version addresses two major security vulnerabilities affecting multiple extraction tools. A heap overflow vulnerability present in the RAR5 recovery volume reconstruction code has been resolved, which previously impacted WinRAR, RAR, and UnRAR. Additionally, extraction code now prevents the placement of files through symbolic links pointing outside the destination folder, closing a potential path traversal attack vector in WinRAR, RAR, and UnRAR.

Building on these security enhancements, the bundled 7zxa.dll extraction library has been updated to version 26.02. This update incorporates recent bug and vulnerability fixes made by the upstream library developer, providing further reliability and safety when handling 7z archives.

For users relying on the command-line interface, the -iver switch has been improved: it will now print the RAR version even when the -idc option is specified either on the command line or via configuration or environmental variables. Additionally, the -iver output now includes a new line character for improved readability in scripts and logs.

by Paul

SuperCoolDude
SuperCoolDude found this interesting
WinRAR iconWinRAR
  1177
  • ...

WinRAR is a file archiver offering compression and encryption capabilities. It supports multiple formats for secure data transfer and efficient storage. Key features include a command line interface, AES-256 encryption, and shell integration. With a rating of 3.6, WinRAR provides robust tools for managing and securing files.

No comments so far, maybe you want to be first?
Gu