CVE-2018-20250

Summary

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

Affected Software

VendorProductVersion RangeStatus
Check Point Software Technologies Ltd.WinRARAll versions prior and including 5.61affected

Weaknesses

  • CWE-36: CWE-36: Absolute Path Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References