WinRAR va sua loi heap-overflow trong file phuc hoi RAR5
WinRAR 7.23, phat hanh ngay 30 thang 6 nam 2026, sua mot loi heap-overflow (CVE-2026-14191) trong cach ung dung phuc hoi file RAR5 nhieu phan. Loi nay can mot file phuc hoi .rev bi chinh sua cong voi mot hanh dong sua chua de kich hoat, va vi WinRAR khong tu dong cap nhat, ban chi nhan duoc ban sua khi tu tay tai ve phien ban 7.23.
Last reviewed: 2026-07-08
Chuyen gi da xay ra
RARLAB phat hanh WinRAR 7.23 ngay 30 thang 6 nam 2026, khoa lai mot loi heap-overflow ma nha nghien cuu Arjun Basnet cua Securin Labs bao cao trong doan code dung de xay lai mot file nhieu phan bi hong tu cac file phuc hoi RAR5 (.rev). Mot file .rev sau trong bo co the khai bao mot so thu tu ban ghi ma code khong bao gio kiem tra so voi vung nho WinRAR da cap phat truoc, cho phep mot file bi chinh sua ghi du lieu do ke tan cong kiem soat vuot ra ngoai vung nho do. RARLAB goi day la mot bien the cua loi nam 2023 (CVE-2023-40477), khi do chi duoc sua tren dinh dang RAR3 cu hon - RAR5 van con lo den ban phat hanh nay. UnRAR.dll khong bi anh huong, vi thu vien nay khong bao gio xu ly file phuc hoi; WinRAR, cac cong cu dong lenh RAR/UnRAR, va RAR cho Android deu duoc ke thua ban sua.
De kich hoat can nhieu hon la mo mot file: muc tieu phai chay "Repair archive," mot lenh kiem tra unrar t, hoac qua trinh phuc hoi tu dong ma WinRAR thu khi gap mot bo file khong day du, nham vao mot file nen di kem file .rev bi gai san. Muc do nghiem trong o CVSS 7.8; cac trang theo doi chua ghi nhan ma khai thac cong khai hay truong hop bi loi dung thuc te nao cho den nay - khac voi mot loi WinRAR cu, da duoc sua, nhung ke tan cong van tiep tuc khai thac trong nhieu thang vi qua nhieu ban cai dat khong bao gio cap nhat.
| Muc | Chi tiet |
|---|---|
| Bi anh huong | WinRAR, cong cu dong lenh RAR va UnRAR (den ban 7.22) |
| Khong bi anh huong | UnRAR.dll (khong xu ly file phuc hoi) |
| Da sua trong | WinRAR 7.23 (30 thang 6 nam 2026) |
| Kich hoat | Hanh dong sua chua hoac kiem tra tren mot bo RAR5 nhieu phan + .rev bi chinh sua |
Tai sao dieu nay quan trong voi file hang ngay
File phuc hoi la cac file .rev tuy chon ma mot so cong cu nen them vao de mot bo RAR nhieu phan co the duoc xay lai neu mot phan bi mat hoac hong. Hau het moi nguoi khong bao gio dong den chung truc tiep, nhung chung van di kem trong cac bo sao luu cu va file nguoi khac gui lai cho ban. Loc theo duoi file se khong bat duoc loi nay: du lieu doc hai nam trong mot file .rev trong binh thuong, va mot cong kiem tra chi hoi "day co phai .zip hay .rar" se cho file anh em nay di qua. WinRAR cung khong tu dong cap nhat, nen mot ban sua phat hanh hom nay co the khong duoc ap dung vo thoi han tru khi co ai do tu tay cai dat.
Can lam gi voi file cua ban ngay bay gio
- Tu cap nhat WinRAR tren may. Kiem tra phien ban trong "About WinRAR," sau do tai ban 7.23 hoac moi hon tu trang chinh thuc neu ban dang dung ban cu - ban sua khong tu tim den ban.
- Bo qua sua chua voi bo file nhieu phan bat ngo. Neu mot bo .rar/.r00/.rev den tu ai do khong quen, dung chay "Repair archive" hay kiem tra phuc hoi tren do cho den khi xac minh duoc nguoi gui.
- Dung cong cu tren trinh duyet cho ZIP thuong. Giai nen hoac tao file nen - khong phai sua chua mot bo RAR bi hong - hoat dong tot voi cong cu giai nen ZIP truc tuyen va cong cu tao ZIP truc tuyen, khong can cai gi tren may.
- Van can dung RAR hay 7z? Huong dan chon cach giai nen file chi ra lua chon an toan nhat cho tung dinh dang; bai so sanh cac dinh dang file nen giai thich vi sao RAR can mot ung dung rieng con ZIP thi khong.
Sources
- RARLAB / win-rar.com - thong bao phat hanh WinRAR 7.23 Final (nguon chinh, 30 thang 6 nam 2026)
- Ho so lo hong CVE-2026-14191 - ghi du lieu vuot vung nho trong bo phan tich file phuc hoi RAR5
- Cyber Security News - WinRAR 7.23 Fixes Heap Overflow Vulnerability that Leads to Application Crashes
- Malwarebytes - WinRAR flaw could allow attackers to take control of your computer