CVE-2017-12938

UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file...

EUVD-2017-4462

Malware in sbrugna...

EUVD-2012-6548

Malware in sbrugna...

EUVD-2017-5634

Malware in sbrugna...

EUVD-2017-4465

Malware in sbrugna...

EUVD-2018-13799

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-12940

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. CVE-2017-12940 Note tha...

Linux Distros Unpatched Vulnerability : CVE-2022-30333

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract aka unpack operation, as demonstrated by creating a...

CVE-2022-48579

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...

CVE-2017-20006

UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile...

CVE-2018-25018

UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext...

Exploit for Link Following in Rarlab Unrar

A proof of concept for CVE-2022-30333 - a path traversal vulnera...

The vulnerability of the UnRAR decompression tool lies in the improper handling of symbolic links before accessing the file, allowing attackers to gain access to confidential data.

The vulnerability of the UnRAR decompression tool is related to the incorrect handling of symbolic links before accessing the file. Exploiting this vulnerability can allow an attacker who operates remotely to gain access to confidential data...

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.

...

CVE-2022-48579

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...

DEBIAN-CVE-2022-48579

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...

AZL-34592 CVE-2022-48579 affecting package clamav for versions less than 0.105.2-4

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...

CVE-2022-48579

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...

SUSE CVE-2017-14121

The DecodeNumber function in unrarlib.c in unrar 0.0.1 aka unrar-free or unrar-gpl suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references...

SUSE CVE-2017-14122

unrar 0.0.1 aka unrar-free or unrar-gpl suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp...