7.6 High
AI Score
Confidence
High
0.927 High
EPSS
Percentile
99.0%
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html
blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
lists.debian.org/debian-lts-announce/2023/08/msg00022.html
security.gentoo.org/glsa/202309-04
www.rarlab.com/rar/rarlinux-x32-612.tar.gz
www.rarlab.com/rar_add.htm