Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
RAR Password Recovery 1.80 Crashes with Oversized Registration Input
CVE-2019-25477
Summary
The RAR Password Recovery application crashes if a user enters an extremely long username or registration code in the registration dialog. This flaw allows an attacker to intentionally crash the application, but is not a way to access sensitive data. To mitigate this issue, consider updating to a newer version of the software.
Original title
RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can ...
Original description
RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can craft a malicious input string exceeding 6000 bytes and paste it into the User Name and Registration Code field to trigger an application crash.
nvd CVSS3.1
6.2
nvd CVSS4.0
6.9
Vulnerability type
CWE-787
Out-of-bounds Write
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026