Vulnerabilities > Rarlab > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-01 | CVE-2017-20006 | Out-of-bounds Write vulnerability in Rarlab Unrar 5.6.1.2/5.6.1.3 UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile). | 6.8 |
| 2021-07-01 | CVE-2018-25018 | Out-of-bounds Write vulnerability in Rarlab Unrar 6.0.3 UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext. | 6.8 |
| 2019-02-13 | CVE-2018-20253 | Out-of-bounds Write vulnerability in Rarlab Winrar In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. | 6.8 |
| 2019-02-05 | CVE-2018-20252 | Out-of-bounds Write vulnerability in Rarlab Winrar In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. | 6.8 |
| 2019-02-05 | CVE-2018-20251 | Path Traversal vulnerability in Rarlab Winrar In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. | 4.3 |
| 2017-09-03 | CVE-2017-14122 | Out-of-bounds Read vulnerability in multiple products unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp. | 6.4 |
| 2017-09-03 | CVE-2017-14121 | NULL Pointer Dereference vulnerability in multiple products The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. | 4.3 |
| 2017-09-03 | CVE-2017-14120 | Path Traversal vulnerability in multiple products unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | 5.0 |
| 2017-08-18 | CVE-2017-12938 | Path Traversal vulnerability in Rarlab Unrar UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . | 5.0 |
| 2017-06-04 | CVE-2014-9983 | Path Traversal vulnerability in Rarlab RAR Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. | 4.3 |