Rarlab: >> Unrar >> 5.6.1.3 Security Vulnerabilities
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-08-07
CVE-2022-30333
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Known exploited
CVSS Score
7.5
EPSS Score
0.913
Published
2022-05-09
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).
CVSS Score
7.8
EPSS Score
0.004
Published
2021-07-01