Vulnerabilities > Rarlab > Unrar
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-07 | CVE-2022-48579 | Link Following vulnerability in Rarlab Unrar UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. | 7.5 |
| 2022-05-09 | CVE-2022-30333 | Path Traversal vulnerability in multiple products RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. | 7.5 |
| 2021-07-01 | CVE-2017-20006 | Out-of-bounds Write vulnerability in Rarlab Unrar 5.6.1.2/5.6.1.3 UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile). | 6.8 |
| 2021-07-01 | CVE-2018-25018 | Out-of-bounds Write vulnerability in Rarlab Unrar 6.0.3 UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext. | 6.8 |
| 2017-09-03 | CVE-2017-14122 | Out-of-bounds Read vulnerability in multiple products unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp. | 6.4 |
| 2017-09-03 | CVE-2017-14121 | NULL Pointer Dereference vulnerability in multiple products The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. | 4.3 |
| 2017-09-03 | CVE-2017-14120 | Path Traversal vulnerability in multiple products unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | 5.0 |
| 2017-08-18 | CVE-2017-12942 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rarlab Unrar libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. | 7.5 |
| 2017-08-18 | CVE-2017-12941 | Out-of-bounds Read vulnerability in Rarlab Unrar libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. | 7.5 |
| 2017-08-18 | CVE-2017-12940 | Out-of-bounds Read vulnerability in Rarlab Unrar libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. | 7.5 |