RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files.
RAR and UnRAR contain a boundary error when processing password-protected archives that could result in a stack-based buffer overflow.
A remote attacker could entice a user to process a specially crafted password-protected archive and execute arbitrary code with the rights of the user uncompressing the archive.
There is no known workaround at this time.
All UnRAR users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/unrar-3.7.3"
All RAR users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/rar-3.7.0_beta1"