CVE-2014-9983

Published: 04/06/2017 Updated: 12/06/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote malicious users to write to arbitrary files via a crafted archive.

Vulnerable Product

rarlab rar 5.20

rarlab rar 5.21

rarlab rar 5.30

rarlab rar 5.31

rarlab rar 4.11

rarlab rar 4.20

rarlab rar 5.50

rarlab rar 4.01

rarlab rar 5.01

rarlab rar 5.11

rarlab rar 5.40

rarlab rar 5.00

rarlab rar 4.00

rarlab rar 4.10

rarlab rar 5.10

Vendor Advisories

Debian Bug report logs - #774172
rar: CVE-2014-9983: symlink directory traversal
Package: rar; Maintainer for rar is Martin Meredith <mez@debian.org>; Source for rar is src:rar
Reported by: Jakub Wilk <jwilk@debian.org>
Date: Mon, 29 Dec 2014 21:33:07 UTC
Severity: important
Tags: security, ups ...