Description
RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can craft a malicious input string exceeding 6000 bytes and paste it into the User Name and Registration Code field to trigger an application crash.
Published: 2026-03-11
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (Buffer Overflow)
Action: Apply Patch
AI Analysis

Impact

RAR Password Recovery 1.80 contains a buffer overflow that allows a local attacker to crash the application by supplying an oversized payload in the registration dialog. The attacker can craft an input string exceeding 6000 bytes and paste it into the User Name and Registration Code field, triggering a denial‑of‑service condition for legitimate users. This weakness is identified as CWE‑787.

Affected Systems

The affected product is Top‑Password RAR Password Recovery version 1.80. No other versions or products are listed, and the vulnerability is limited to local users who can supply registration data.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, while the EPSS score of less than 1% suggests that exploitation is currently unlikely. The vulnerability is not included in the CISA KEV catalog. Attackers must have local access and manually submit a malicious registration string; thus, exploitation would require user interaction and is not readily automated.

Generated by OpenCVE AI on March 17, 2026 at 15:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Top‑Password for an updated RAR Password Recovery version or a patch that addresses the buffer overflow.
  • If no patch is available, uninstall or disable the RAR Password Recovery 1.80 application until a fix is released.
  • Monitor system or application logs for unexpected crashes that may indicate an attempted exploitation.

Generated by OpenCVE AI on March 17, 2026 at 15:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Top Password Software
Top Password Software rar Password Recovery
Vendors & Products Top Password Software
Top Password Software rar Password Recovery

Wed, 11 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
Description RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can craft a malicious input string exceeding 6000 bytes and paste it into the User Name and Registration Code field to trigger an application crash.
Title RAR Password Recovery 1.80 Denial of Service Buffer Overflow
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Top Password Software Rar Password Recovery
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-11T19:31:01.490Z

Reserved: 2026-02-23T12:12:58.687Z

Link: CVE-2019-25477

cve-icon Vulnrichment

Updated: 2026-03-11T19:22:43.067Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-11T19:16:01.787

Modified: 2026-03-12T21:08:22.643

Link: CVE-2019-25477

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:29:43Z

Weaknesses