Unrar Security Vulnerabilities and Issues — Unrar CVE List

Lucene search

RarlabUnrar

6 matches found

CVE•added 2022/05/09 8:15 a.m.•906 views

CVE-2022-30333

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.

7.5CVSS7.5AI score0.91035EPSS

In wild

CVE•added 2021/07/01 3:15 a.m.•93 views

CVE-2017-20006

UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).

7.8CVSS7.7AI score0.0036EPSS

CVE•added 2021/07/01 3:15 a.m.•77 views

CVE-2018-25018

UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.

7.8CVSS7.6AI score0.0041EPSS

CVE•added 2023/08/07 4:15 a.m.•76 views

CVE-2022-48579

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.

7.5CVSS7.4AI score0.00083EPSS

CVE•added 2017/08/18 1:29 p.m.•67 views

CVE-2017-12938

UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.

7.5CVSS8.3AI score0.01205EPSS

CVE•added 2017/09/03 8:29 p.m.•67 views

CVE-2017-14120

unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.

7.5CVSS7.5AI score0.00532EPSS