UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-07
CVE-2022-30333
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Known exploited
CVSS Score
7.5
EPSS Score
0.91
Published
2022-05-09
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-08-18
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-08-18
libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-08-18
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.
CVSS Score
7.5
EPSS Score
0.012
Published
2017-08-18