WinRAR 7.23 Final Version Released
WinRAR 7.23 Final Version Released
RARLAB.COM and win.rar GmbH proudly announce the release of the final version of WinRAR 7.23. It is a security-focused update, fixing a heap overflow vulnerability in RAR5 recovery volume processing and a symbolic link issue affecting extraction. The update also includes an upgraded 7z extraction library.
Security Fixes
The new version resolves a heap overflow vulnerability in the code, responsible for reconstructing data from RAR5 recovery volumes. This issue affects WinRAR, RAR and UnRAR. The UnRAR.dll library is not affected, as it does not include recovery volume processing. We are thankful to Arjun Basnet from Securin Labs for reporting this issue.
In addition, this new release also fixes an issue where a specially crafted RAR archive could create a symbolic link pointing outside of the intended destination folder during extraction, even without the -ola switch. Additional checks have been added to the extraction code to prevent files from being placed in such folders across multiple extraction commands, excluding the possibility of a path traversal attack for WinRAR, RAR, and UnRAR-based extraction. We are thankful to scofaild23-bnomran for reporting this issue.
We recommend updating to the new version WinRAR 7.23 as soon as possible to stay safe.
Library Update
The 7zxa.dll library, used for extracting 7z archives, has been updated to version 26.02, incorporating bug and security fixes from 7-Zip's developer.
Chủ đề
Chia sẻ bài viết
Cần tư vấn IT cho doanh nghiệp?
Vietify IT cung cấp Managed IT từ 4.990.000đ/tháng. Phản hồi trong 30 phút.
Bình luận
Đang tải bình luận…
Để lại bình luận
Cập nhật: 8/7/2026
