Feb 05, 2019 - 12:00 a.m.

CVE-2018-20250

2019-02-05 00:00:00
CWE-36
checkpoint
www.cve.org

AI Score: 7.8 High (Confidence: High)

EPSS: 0.973 High (Percentile: 99.9%)

In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, and the filename is treated as an absolute path.

CNA Affected

[
  {
    "product": "WinRAR",
    "vendor": "Check Point Software Technologies Ltd.",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior and including 5.61"
      }
    ]
  }
]