rar is vulnerable to directory traversal. The vulnerability exists in RARLAB UnRAR which allows an attacker to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file.
CPE | Name | Operator | Version |
---|---|---|---|
rar:sid | eq | 2:5.5.0-1 | |
rar:buster | eq | 2:5.5.0-1 | |
rar:sid | eq | 2:5.5.0-1 | |
rar:buster | eq | 2:5.5.0-1 | |
rar:bullseye | eq | 2:5.5.0-1 |
packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html
blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
lists.debian.org/debian-lts-announce/2023/08/msg00022.html
security-tracker.debian.org/tracker/CVE-2022-30333
security.gentoo.org/glsa/202309-04
www.rarlab.com/rar/rarlinux-x32-612.tar.gz
www.rarlab.com/rar_add.htm