CVE-2022-48579
https://notcve.org/view.php?id=CVE-2022-48579
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. UnRAR en las versiones anteriores a la 6.2.3 permite la extracción de archivos fuera de la carpeta de destino mediante cadenas de enlaces simbólicos. • https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee https://lists.debian.org/debian-lts-announce/2023/08/msg00023.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2022-30333 – RARLAB UnRAR Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2022-30333
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected. RARLAB UnRAR versiones hasta 6.12, en Linux y UNIX permite un salto de directorio para escribir en los archivos durante una operación de extracción (también se conoce como desempaquetado), como es demostrado creando un archivo ~/.ssh/authorized_keys. NOTA: WinRAR y Android RAR no están afectados RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation. • https://github.com/aslitsecurity/Zimbra-CVE-2022-30333 https://github.com/TheL1ghtVn/CVE-2022-30333-PoC https://github.com/J0hnbX/CVE-2022-30333 http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html https://security.gentoo.org/glsa/202309-04 https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz https://www.rarlab.com/rar_add.h • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2017-20006
https://notcve.org/view.php?id=CVE-2017-20006
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile). UnRAR versiones 5.6.1.2 y 5.6.1.3, presenta un desbordamiento de búfer en la región heap de la memoria en la función Unpack::CopyString (llamado desde Unpack::Unpack5 y CmdExtract::ExtractCurrentFile) • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373 https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml • CWE-787: Out-of-bounds Write •