Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rarlab vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-30333
RARLAB UnRAR prior to 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Rarlab Unrar
2 Metasploit modules
4 Github repositories
1 Article
7.8
CVSSv3
CVE-2023-38831
RARLAB WinRAR prior to 6.23 allows malicious users to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name ...
Rarlab Winrar
66 Github repositories
4 Articles
7.8
CVSSv3
CVE-2018-20250
In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating ...
Rarlab Winrar
2 EDB exploits
21 Github repositories
5 Articles
7.8
CVSSv3
CVE-2018-20252
In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Rarlab Winrar
1 Github repository
7.5
CVSSv3
CVE-2022-48579
UnRAR prior to 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
Rarlab Unrar
7.1
CVSSv3
CVE-2022-43650
This vulnerability allows remote malicious users to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
Rarlab Winrar 6.11
NA
CVE-2005-4474
Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted malicious users to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-A...
Rarlab Winrar 3.51
NA
CVE-2006-3912
Stack-based buffer overflow in the SFX module in WinRAR prior to 3.60 beta 8 has unspecified vectors and impact.
Rarlab Winrar 3.60 Beta8
3 EDB exploits
NA
CVE-2007-3726
Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote malicious users to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed nu...
Rarlab Unrar 3.70 Beta 3
9.8
CVSSv3
CVE-2012-6706
A VMSF_DELTA memory corruption exists in unrar prior to 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine prior to 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative va...
Sophos Threat Detection Engine
Rarlab Unrar
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »