Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rarlab unrar vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-12940
libunrar.a in UnRAR prior to 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
Rarlab Unrar
9.8
CVSSv3
CVE-2017-12941
libunrar.a in UnRAR prior to 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.
Rarlab Unrar
9.8
CVSSv3
CVE-2017-12942
libunrar.a in UnRAR prior to 5.5.7 has a buffer overflow in the Unpack::LongLZ function.
Rarlab Unrar
9.8
CVSSv3
CVE-2012-6706
A VMSF_DELTA memory corruption exists in unrar prior to 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine prior to 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative va...
Sophos Threat Detection Engine
Rarlab Unrar
9.1
CVSSv3
CVE-2017-14122
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
Rarlab Unrar 0.0.1
Debian Debian Linux 9.0
7.8
CVSSv3
CVE-2018-25018
UnRAR 5.6.1.7 up to and including 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.
Rarlab Unrar
Rarlab Unrar 6.0.3
7.8
CVSSv3
CVE-2017-20006
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).
Rarlab Unrar 5.6.1.2
Rarlab Unrar 5.6.1.3
7.5
CVSSv3
CVE-2022-48579
UnRAR prior to 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
Rarlab Unrar
7.5
CVSSv3
CVE-2022-30333
RARLAB UnRAR prior to 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Rarlab Unrar
2 Metasploit modules
4 Github repositories
1 Article
7.5
CVSSv3
CVE-2017-14120
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.
Rarlab Unrar 0.0.1
Debian Debian Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »