In WinRAR versions prior to and including 5.61, there is a path traversal vulnerability in the handling of the filename field of the ACE format (in UNACEV2.dll). When the filename field is crafted with specific patterns, the destination (extraction) folder is ignored and the filename is treated as an absolute path.
History
No history.
MITRE
Status: PUBLISHED
Assigner: checkpoint
Published: 2019-02-05T20:00:00Z
Updated: 2024-09-17T00:11:50.340Z
Reserved: 2018-12-19T00:00:00
Link: CVE-2018-20250
Vulnrichment
No data.
NVD
Status: Analyzed
Published: 2019-02-05T20:29:00.243
Modified: 2024-07-24T16:05:24.393
Link: CVE-2018-20250
Redhat
No data.