Vulnerabilities > Rarlab > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-23 | CVE-2023-38831 | Insufficient Verification of Data Authenticity vulnerability in Rarlab Winrar RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. | 7.8 |
| 2023-08-07 | CVE-2022-48579 | Link Following vulnerability in Rarlab Unrar UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. | 7.5 |
| 2022-05-09 | CVE-2022-30333 | Path Traversal vulnerability in multiple products RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. | 7.5 |
| 2019-02-05 | CVE-2018-20250 | Path Traversal vulnerability in Rarlab Winrar In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). | 7.8 |
| 2017-08-18 | CVE-2017-12942 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rarlab Unrar libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. | 7.5 |
| 2017-08-18 | CVE-2017-12941 | Out-of-bounds Read vulnerability in Rarlab Unrar libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. | 7.5 |
| 2017-08-18 | CVE-2017-12940 | Out-of-bounds Read vulnerability in Rarlab Unrar libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. | 7.5 |
| 2005-10-20 | CVE-2005-3263 | Remote vulnerability in RARLAB WinRAR Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via an ACE archive containing a file with a long name. | 7.5 |
| 2005-10-20 | CVE-2005-3262 | Remote vulnerability in RARLAB WinRAR Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename. | 7.5 |