CVE-2022-30333
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.rarlab.com/rar_add.htm
- https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz
- https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
- http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html
- https://security.gentoo.org/glsa/202309-04
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: partial
Additional References
References
- https://www.rarlab.com/rar_add.htm
- https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz
- https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
- http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html
- https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html
- https://security.gentoo.org/glsa/202309-04
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.