8 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-12938
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to...
Linux Distros Unpatched Vulnerability : CVE-2018-25018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext. CVE-2018-25018 Note...
PT-2022-2560
Name of the Vulnerable Software and Affected Versions UnRAR versions prior to 6.12 Description The issue allows directory traversal to write to files during an extract operation, as demonstrated by creating a /.ssh/authorized keys file. This can be exploited by remote attackers to execute arbitra...
SUSE-SU-2021:2834-1 Security update for unrar
This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed: - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file...
SUSE-SU-2018:0862-1 Security update for unrar
This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed: - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file...
unrar buffer overflow vulnerability
unrar also known as unrar-free or unrar-gpl is a decompression software used in Linux. A buffer overflow vulnerability exists in the unrarlib.c file in unrar version 0.0.1. A remote attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code...
DEBIAN-CVE-2017-14121
The DecodeNumber function in unrarlib.c in unrar 0.0.1 aka unrar-free or unrar-gpl suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references...
UBUNTU-CVE-2017-12938
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file...