Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unrar vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2017-14122
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.
Rarlab Unrar 0.0.1
Debian Debian Linux 9.0
5
CVSSv2
CVE-2022-30333
RARLAB UnRAR prior to 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Rarlab Unrar
2 Metasploit modules
4 Github repositories
1 Article
5
CVSSv2
CVE-2017-14120
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.
Rarlab Unrar 0.0.1
Debian Debian Linux 9.0
5
CVSSv2
CVE-2017-12938
UnRAR prior to 5.5.7 allows remote malicious users to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.
Rarlab Unrar
4.3
CVSSv2
CVE-2018-0202
clamscan in ClamAV prior to 0.99.4 contains a vulnerability that could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Porta...
Clamav Clamav
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Debian Debian Linux 7.0
1 Github repository
4.3
CVSSv2
CVE-2018-1000085
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR...
Clamav Clamav 0.99.3
Debian Debian Linux 7.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
4.3
CVSSv2
CVE-2017-14121
The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.
Rarlab Unrar 0.0.1
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2017-11423
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote malicious users to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.
Libmspack Project Libmspack 0.5
4.3
CVSSv2
CVE-2017-11189
unrarlib.c in unrar-free 0.0.1 might allow remote malicious users to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application. NOTE: one of the several test cases in the ...
Rarzilla Unrar-free 0.0.1
4.3
CVSSv2
CVE-2007-3725
The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) prior to 0.91 allows user-assisted remote malicious users to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.
Clam Anti-virus Clamav 0.51
Clam Anti-virus Clamav 0.52
Clam Anti-virus Clamav 0.21
Clam Anti-virus Clamav 0.22
Clam Anti-virus Clamav 0.60p
Clam Anti-virus Clamav 0.65
Clam Anti-virus Clamav 0.73
Clam Anti-virus Clamav 0.74
Clam Anti-virus Clamav 0.80 Rc4
Clam Anti-virus Clamav 0.81
Clam Anti-virus Clamav 0.85.1
Clam Anti-virus Clamav 0.86
Clam Anti-virus Clamav 0.88.1
Clam Anti-virus Clamav 0.88.3
Clam Anti-virus Clamav 0.90 Rc2
Clam Anti-virus Clamav 0.90 Rc3
Clam Anti-virus Clamav 0.15
Clam Anti-virus Clamav 0.20
Clam Anti-virus Clamav 0.23
Clam Anti-virus Clamav 0.24
Clam Anti-virus Clamav 0.67
Clam Anti-virus Clamav 0.68
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »