threatengine.sh
rarlab unrar
14 known vulnerabilities across versions
Vulnerabilities are listed by affected version.

CVE-2022-48579 (affected: < 6.2.3; CVSS 7.5 HIGH)
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.

CVE-2022-30333 (affected: < 6.12; CVSS 7.5 HIGH)
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation,

CVE-2018-25018 (affected: >= 5.6.1.7 and <= 5.7.4; CVSS 7.8 HIGH)
UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen:

CVE-2017-20006 (affected: all versions; CVSS 7.8 HIGH)
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::Extr

CVE-2017-14122 (affected: all versions; CVSS 9.1 CRITICAL)
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stric

CVE-2017-14121 (affected: all versions; CVSS 5.5 MEDIUM)
The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw

CVE-2017-14120 (affected: all versions; CVSS 7.5 HIGH)
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the f

CVE-2017-12942 (affected: <= 5.5.6; CVSS 9.8 CRITICAL)
libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.

CVE-2017-12941 (affected: <= 5.5.6; CVSS 9.8 CRITICAL)
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.

CVE-2017-12940 (affected: <= 5.5.6; CVSS 9.8 CRITICAL)
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 fun

CVE-2017-12938 (affected: <= 5.5.6; CVSS 7.5 HIGH)
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to

CVE-2012-6706 (affected: <= 5.5.4; CVSS 9.8 CRITICAL)
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3

CVE-2007-3726 (affected: all versions)
Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR

CVE-2007-0855 (affected: all versions)
Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attac