#VU62908 Path traversal in UnRar - CVE-2022-30333

 


Published: May 10, 2022 / Updated: August 9, 2022


Vulnerability identifier: #VU62908
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2022-30333
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software: UnRar
Software vendor: RARLAB

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences while extracting files from an archive. A remote attacker can create a specially crafted archive and overwrite arbitrary files on the system with the privileges of the current user.

The vulnerability affects Linux and UNIX systems.


Remediation

Install the update from the vendor's website.
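
A pre-extraction check that a defender can run over an archive's entry list to reject names and symlink targets that resolve outside the extraction directory. This is an added example, not code from the advisory or from RARLAB. The function names, the destination path and the sample entries are constructed, and treating `\` as a path separator is an assumption made for strictness.

```python
import posixpath

DEST = "/srv/extract"  # constructed destination directory

# Constructed listing: (entry name, symlink target or None for a regular file)
ENTRIES = [
    ("docs/readme.txt", None),
    ("../../outside.txt", None),
    ("..\\..\\outside.txt", None),
    ("/tmp/abs.txt", None),
    ("link", "..\\..\\elsewhere"),
    ("sub/link", "../data"),
]

def _norm(path):
    # Assumption: count "\" as a separator as well, so the verdict is the same
    # whether or not the extractor rewrites DOS-style separators on UNIX.
    return path.replace("\\", "/")

def _inside(dest, path):
    return path == dest or path.startswith(dest.rstrip("/") + "/")

def escapes(dest, name, link_target=None):
    """Return the reason an entry would land outside dest, or None if it stays inside."""
    dest = posixpath.normpath(dest)
    name = _norm(name)
    if name.startswith("/"):
        return "absolute entry name"
    full = posixpath.normpath(posixpath.join(dest, name))
    if not _inside(dest, full):
        return "entry name leaves destination"
    if link_target is not None:
        target = _norm(link_target)
        if target.startswith("/"):
            return "absolute symlink target"
        # A relative symlink target resolves from the directory holding the link.
        resolved = posixpath.normpath(posixpath.join(posixpath.dirname(full), target))
        if not _inside(dest, resolved):
            return "symlink target leaves destination"
    return None

def audit(dest, entries):
    """List (name, reason) for every entry that must not be extracted."""
    checked = ((name, escapes(dest, name, target)) for name, target in entries)
    return [(name, reason) for name, reason in checked if reason]

if __name__ == "__main__":
    for name, reason in audit(DEST, ENTRIES):
        print(f"REJECT {name!r}: {reason}")
```

The check is purely lexical, so it does not see symlinks that already exist on disk; extract into a new, empty directory and under an account with minimal write access so that a missed entry has limited reach.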
