cbcvebase.

Rarlab Winrar vulnerabilities

29 known vulnerabilities affecting rarlab/winrar.

Total CVEs
29
CISA KEV
4
actively exploited
Public exploits
10
Exploited in wild
5
Severity breakdown
CRITICAL4HIGH14MEDIUM8LOW3

Vulnerabilities

Page 1 of 2
CVE-2018-20250P1HIGHCVSS 7.8KEVPoCRansomware≤ 5.612019-02-05
CVE-2018-20250 [HIGH] CWE-36 CVE-2018-20250: In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
nvd
CVE-2025-8088P1HIGHCVSS 8.8KEVPoCRansomwarefixed in 7.132025-08-08
CVE-2025-8088 [HIGH] CWE-35 CVE-2025-8088: A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execu A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET.
nvd
CVE-2023-38831P1HIGHCVSS 7.8KEVPoCRansomwarefixed in 6.232023-08-23
CVE-2023-38831 [HIGH] CWE-345 CVE-2023-38831: RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable c
nvd
CVE-2025-6218P1HIGHCVSS 7.8KEVPoCfixed in 7.12v7.11 (64-bit)2025-06-21
CVE-2025-6218 [HIGH] CWE-22 CVE-2025-6218: RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows rem RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the han
nvd
CVE-2014-125119P2HIGHCVSS 8.4ExploitedPoC≥ 3.80, < 3.91≥ 4.11, < 5.002025-07-25
CVE-2014-125119 [HIGH] CWE-20 CVE-2014-125119: A filename spoofing vulnerability exists in WinRAR when opening specially crafted ZIP archives. The A filename spoofing vulnerability exists in WinRAR when opening specially crafted ZIP archives. The issue arises due to inconsistencies between the Central Directory and Local File Header entries in ZIP files. When viewed in WinRAR, the file name from the Central Directory is displayed to the user, while the file from the Local File Header is extracte
nvd
CVE-2006-3845P3CRITICALCVSS 9.3PoCv3.0.0v3.10+16 more2006-07-25
CVE-2006-3845 [CRITICAL] CVE-2006-3845: Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive.
nvd
CVE-2005-3262P3HIGHCVSS 7.5PoCv2.90v3.0.0+9 more2005-10-20
CVE-2005-3262 [HIGH] CVE-2005-3262: Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute ar Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.
nvd
CVE-2004-1254P3CRITICALCVSS 10.0PoCv3.0.0v3.10+6 more2005-01-10
CVE-2004-1254 [CRITICAL] CVE-2004-1254: WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow.
nvd
CVE-2023-40477P3HIGHCVSS 7.8fixed in 6.23v6.212024-05-03
CVE-2023-40477 [HIGH] CWE-129 CVE-2023-40477: RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The s
nvd
CVE-2022-43650P3HIGHCVSS 7.1v6.11v6.11.0.02023-03-29
CVE-2022-43650 [HIGH] CWE-125 CVE-2022-43650: This vulnerability allows remote attackers to disclose sensitive information on affected installatio This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. Crafted data in a ZIP file can tr
nvd
CVE-2018-20251P3MEDIUMCVSS 5.5≤ 5.612019-02-05
CVE-2018-20251 [MEDIUM] CWE-693 CVE-2018-20251: In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as written in the filename field even when WinRAR validator noticed the traversal attempt and requestd to abort the extraction process. the operation is canc
nvd
CVE-2006-3912P4LOWCVSS 2.1PoCv3.60_beta82006-07-28
CVE-2006-3912 [LOW] CWE-119 CVE-2006-3912: Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors a Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact.
nvd
CVE-2005-4620P4MEDIUMCVSS 4.6PoCv2.90v3.0.0+10 more2005-12-31
CVE-2005-4620 [MEDIUM] CVE-2005-4620: Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long c Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. NOTE: because this program executes with the privileges of the invoking user, and because remote programs do not normally have the ability to specify a command-line argument for this program, there may not be a typical attack vector for th
nvd
CVE-2018-20253P3HIGHCVSS 7.8≤ 5.602019-02-13
CVE-2018-20253 [HIGH] CWE-787 CVE-2018-20253: In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.
nvd
CVE-2018-20252P3HIGHCVSS 7.8≤ 5.602019-02-05
CVE-2018-20252 [HIGH] CWE-787 CVE-2018-20252: In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.
nvd
CVE-2024-36052P3HIGHCVSS 7.5fixed in 7.002024-05-21
CVE-2024-36052 [HIGH] CVE-2024-36052: RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape s RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.
nvd
CVE-2004-0234P3CRITICALCVSS 10.0v3.202004-08-18
CVE-2004-0234 [CRITICAL] CWE-119 CVE-2004-0234: Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used i Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.
nvd
CVE-2025-31334P3MEDIUMCVSS 6.8fixed in 7.11vprior to 7.112025-04-03
CVE-2025-31334 [MEDIUM] CWE-356 CVE-2025-31334: Issue that bypasses the "Mark of the Web" security warning function for files when opening a symboli Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.
nvd
CVE-2015-5663P3HIGHCVSS 7.4≤ 5.302015-12-30
CVE-2015-5663 [HIGH] CWE-264 CVE-2015-5663: The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user.
nvd
CVE-2008-7144P4CRITICALCVSS 10.0≤ 3.70v2.90+30 more2009-09-01
CVE-2008-7144 [CRITICAL] CVE-2008-7144: Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vec Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.
nvd
Rarlab Winrar vulnerabilities | cvebase