Vulnerabilities > Rarlab > Unrar > 0.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-07 | CVE-2022-48579 | Link Following vulnerability in Rarlab Unrar UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. | 7.5 |
2022-05-09 | CVE-2022-30333 | Path Traversal vulnerability in multiple products RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. | 7.5 |
2017-09-03 | CVE-2017-14122 | Out-of-bounds Read vulnerability in multiple products unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp. | 9.1 |
2017-09-03 | CVE-2017-14121 | NULL Pointer Dereference vulnerability in multiple products The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. | 5.5 |
2017-09-03 | CVE-2017-14120 | Path Traversal vulnerability in multiple products unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory. | 7.5 |
2017-08-18 | CVE-2017-12942 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rarlab Unrar 0.0.1/5.5.4/5.5.6 libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. | 9.8 |
2017-08-18 | CVE-2017-12941 | Out-of-bounds Read vulnerability in Rarlab Unrar 0.0.1/5.5.4/5.5.6 libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. | 9.8 |
2017-08-18 | CVE-2017-12940 | Out-of-bounds Read vulnerability in Rarlab Unrar 0.0.1/5.5.4/5.5.6 libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function. | 9.8 |
2017-08-18 | CVE-2017-12938 | Path Traversal vulnerability in Rarlab Unrar 0.0.1/5.5.4/5.5.6 UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . | 7.5 |
2017-06-22 | CVE-2012-6706 | Integer Overflow or Wraparound vulnerability in multiple products A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. | 9.8 |