Search
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30333 | 3 Linux, Opengroup, Rarlab | 3 Linux Kernel, Unix, Unrar | 2023-08-17 | 5.0 MEDIUM | 7.5 HIGH |
| RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected. | |||||
| CVE-2022-48579 | 1 Rarlab | 1 Unrar | 2023-08-17 | N/A | 7.5 HIGH |
| UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. | |||||
| CVE-2018-25018 | 2 Linux, Rarlab | 2 Linux Kernel, Unrar | 2021-07-07 | 6.8 MEDIUM | 7.8 HIGH |
| UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext. | |||||
| CVE-2017-20006 | 2 Linux, Rarlab | 2 Linux Kernel, Unrar | 2021-07-07 | 6.8 MEDIUM | 7.8 HIGH |
| UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile). | |||||
| CVE-2017-14120 | 2 Debian, Rarlab | 2 Debian Linux, Unrar | 2021-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | |||||
| CVE-2017-12938 | 1 Rarlab | 1 Unrar | 2017-08-29 | 5.0 MEDIUM | 7.5 HIGH |
| UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file. | |||||