CVE-2014-9983 — Path Traversal in RAR

CWE-22 — Path Traversal5 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 50.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rarlab RAR

Timeline

PublishedJun 4

Latest updateMay 17

Description

Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianrarlab/rar< 2:5.3.b2-1+3

▶NVDrarlab/rar15 versions+14

🔴Vulnerability Details

GHSA

GHSA-4mq8-gv5p-mwm4: Directory Traversal exists in RAR 4↗2022-05-17

▶

OSV

CVE-2014-9983: Directory Traversal exists in RAR 4↗2017-06-04

▶

CVEList

CVE-2014-9983: Directory Traversal exists in RAR 4↗2017-06-04

▶

📋Vendor Advisories

Debian

CVE-2014-9983: rar - Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follow...↗2014

▶