Vulnerabilities > Rarlab > Unrar > 5.6.1.3

DATE CVE VULNERABILITY TITLE RISK
2023-08-07 CVE-2022-48579 Link Following vulnerability in Rarlab Unrar
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
network
low complexity
rarlab CWE-59
7.5
7.5
2022-05-09 CVE-2022-30333 Path Traversal vulnerability in Rarlab Unrar
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file.
network
low complexity
rarlab CWE-22
7.5
7.5
2021-07-01 CVE-2017-20006 Out-of-bounds Write vulnerability in Rarlab Unrar 5.6.1.2/5.6.1.3
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).
network
rarlab CWE-787
6.8
6.8