Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rarlab vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2018-25018
UnRAR 5.6.1.7 up to and including 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.
Rarlab Unrar
Rarlab Unrar 6.0.3
NA
CVE-2007-0855
Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote malicious users to execute arbitrary code via a crafted, password-protected archive.
Rarlab Unrar 3.60
Rarlab Unrar 3.61
7.8
CVSSv3
CVE-2017-20006
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).
Rarlab Unrar 5.6.1.2
Rarlab Unrar 5.6.1.3
7.5
CVSSv3
CVE-2022-30333
RARLAB UnRAR prior to 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Rarlab Unrar
2 Metasploit modules
4 Github repositories
1 Article
5.5
CVSSv3
CVE-2018-20251
In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as written in the filename field even when WinRAR validator noticed the traversal att...
Rarlab Winrar
1 Github repository
7.8
CVSSv3
CVE-2018-20253
In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Rarlab Winrar
1 Github repository
7.8
CVSSv3
CVE-2018-20250
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating ...
Rarlab Winrar
2 EDB exploits
21 Github repositories
5 Articles
7.8
CVSSv3
CVE-2023-38831
RARLAB WinRAR prior to 6.23 allows malicious users to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name ...
Rarlab Winrar
65 Github repositories
4 Articles
7.4
CVSSv3
CVE-2015-5663
The file-execution functionality in WinRAR prior to 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user.
Rarlab Winrar
7.5
CVSSv3
CVE-2017-12938
UnRAR prior to 5.5.7 allows remote malicious users to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.
Rarlab Unrar
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »