CVE-2025-11579
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-10

Last updated on: 2025-12-02

Assigner: Mattermost, Inc.

Description
github.com/nwaples/rardecode versions <=2.1.1 fail to restrict the dictionary size when reading large RAR dictionary sizes, which allows an attacker to provide a specially crafted RAR file and cause Denial of Service via an Out Of Memory Crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-10
Last Modified
2025-12-02
Generated
2026-06-16
AI Q&A
2025-10-10
EPSS Evaluated
2026-06-14
NVD
CVE-2025-11579
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
nwaples rardecode *
mattermost mattermost 10.11.4
mattermost mattermost 10.5.12
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-789 The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in github.com/nwaples/rardecode versions up to 2.1.1, where the software fails to restrict the dictionary size when processing large RAR dictionary sizes. An attacker can exploit this by providing a specially crafted RAR file that causes the program to consume excessive memory, leading to a Denial of Service (DoS) through an Out Of Memory crash.

Impact Analysis

The impact of this vulnerability is a Denial of Service condition caused by an Out Of Memory crash. This means that an attacker can cause the affected software to crash or become unresponsive by supplying a malicious RAR file, potentially disrupting services or applications relying on this library.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11579. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart