CVE-2022-30333 - OpenCVE

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel
Opengroup	Unix
Rarlab	Unrar

Configuration 1 [-]

AND

cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:opengroup:unix:-:::::::*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html
https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html
https://security.gentoo.org/glsa/202309-04
https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz
https://www.rarlab.com/rar_add.htm

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-05-09T00:00:00

Updated: 2024-08-03T06:48:35.705Z

Reserved: 2022-05-07T00:00:00

Link: CVE-2022-30333

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-05-09T08:15:06.937

Modified: 2024-06-28T14:12:45.617

Link: CVE-2022-30333

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-30333", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T06:48:35.705Z", "dateReserved": "2022-05-07T00:00:00", "datePublished": "2022-05-09T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-17T06:06:09.291545"}, "descriptions": [{"lang": "en", "value": "RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.rarlab.com/rar_add.htm"}, {"url": "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz"}, {"url": "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/"}, {"url": "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html"}, {"name": "[debian-lts-announce] 20230817 [SECURITY] [DLA 3534-1] rar security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html"}, {"name": "GLSA-202309-04", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202309-04"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:48:35.705Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.rarlab.com/rar_add.htm", "tags": ["x_transferred"]}, {"url": "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz", "tags": ["x_transferred"]}, {"url": "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230817 [SECURITY] [DLA 3534-1] rar security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html"}, {"name": "GLSA-202309-04", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202309-04"}]}]}}

{"cisaActionDue": "2022-08-30", "cisaExploitAdd": "2022-08-09", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "RARLAB UnRAR Directory Traversal Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*", "matchCriteriaId": "35D143B1-7FE7-4580-886E-4A54F6AB0CD9", "versionEndExcluding": "6.12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected."}, {"lang": "es", "value": "RARLAB UnRAR versiones hasta 6.12, en Linux y UNIX permite un salto de directorio para escribir en los archivos durante una operaci\u00f3n de extracci\u00f3n (tambi\u00e9n se conoce como desempaquetado), como es demostrado creando un archivo ~/.ssh/authorized_keys. NOTA: WinRAR y Android RAR no est\u00e1n afectados"}], "id": "CVE-2022-30333", "lastModified": "2024-06-28T14:12:45.617", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-09T08:15:06.937", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202309-04"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.rarlab.com/rar_add.htm"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}