RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-3534-1 | rar security update |
![]() |
USN-6569-1 | libclamunrar vulnerabilities |
![]() |
USN-7349-1 | RAR vulnerabilities |
![]() |
USN-7350-1 | UnRAR vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 29 Jan 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-59 | |
Metrics |
kev
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-07-30T01:37:42.371Z
Reserved: 2022-05-07T00:00:00.000Z
Link: CVE-2022-30333

Updated: 2024-08-03T06:48:35.705Z

Status : Analyzed
Published: 2022-05-09T08:15:06.937
Modified: 2025-03-13T15:35:00.390
Link: CVE-2022-30333

No data.

No data.