CVE-2022-30333
RARLAB UnRAR Directory Traversal Vulnerability
- Public Exploits: 9
- Exploited in Wild: Yes
Descriptions
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
It was discovered that UnRAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. It was discovered that UnRAR incorrectly handled certain recovery volumes. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to execute arbitrary code.
RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation.
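As an added defensive example (not UnRAR's own code), the two checks an archive extractor needs to avoid the CWE-22 and CWE-59 writes described above: a lexical check on each member name, and a refusal to write through, or create, symlinks that lead outside the extraction root. The function names and the constructed member names in `demo()` are assumptions, not taken from any real archive.

```python
import os, tempfile
from pathlib import Path, PurePosixPath

def safe_target(dest_dir: str, member_name: str) -> Path:
    """Path a member may be written to, or ValueError. CWE-22: refuse absolute
    names, '..' parts, NULs and backslashes (refused rather than converted to
    '/', so no check can be bypassed by a conversion done afterwards). CWE-59:
    refuse to write through a symlink already on the path (e.g. extracted earlier)."""
    if "\\" in member_name or "\0" in member_name:
        raise ValueError(f"unsafe characters in member name: {member_name!r}")
    p = PurePosixPath(member_name)
    if p.is_absolute() or ".." in p.parts or not p.parts:
        raise ValueError(f"traversal in member name: {member_name!r}")
    cur = dest = Path(dest_dir).resolve()
    for part in p.parts:
        cur = cur / part
        if cur.is_symlink():
            raise ValueError(f"refusing to write through symlink: {cur}")
        if not cur.exists():
            break
    return dest.joinpath(*p.parts)

def safe_symlink(dest_dir: str, member_name: str, link_target: str) -> Path:
    """Validate a symlink member: the link itself and its lexically resolved
    target must both stay inside dest_dir."""
    link = safe_target(dest_dir, member_name)
    dest = Path(dest_dir).resolve()
    if "\\" in link_target or PurePosixPath(link_target).is_absolute():
        raise ValueError(f"unsafe link target: {link_target!r}")
    resolved = Path(os.path.normpath(link.parent / link_target))
    if resolved != dest and dest not in resolved.parents:
        raise ValueError(f"link target escapes {dest}: {link_target!r}")
    return link

def demo() -> dict:
    """Constructed members, not from a real archive; True means accepted."""
    def accepted(fn, *args):
        try: return fn(*args) is not None
        except ValueError: return False
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "out").symlink_to("..")  # a link pointing above the root
        return {
            "plain file": accepted(safe_target, d, "docs/readme.txt"),
            "dotdot name": accepted(safe_target, d, "../.ssh/authorized_keys"),
            "backslash name": accepted(safe_target, d, "..\\.ssh\\x"),
            "write via symlink": accepted(safe_target, d, "out/.ssh/authorized_keys"),
            "escaping link": accepted(safe_symlink, d, "lnk", "../../"),
            "internal link": accepted(safe_symlink, d, "docs/lnk", "../readme.txt"),
        }
```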
CVSS Scores
SSVC
- Decision: Act
Timeline
- 2022-05-07 CVE Reserved
- 2022-05-09 CVE Published
- 2022-07-05 First Exploit
- 2022-08-09 Exploited in Wild
- 2022-08-30 KEV Due Date
- 2025-01-29 CVE Updated
- 2025-04-03 EPSS Updated
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (17)
URL | Date
---|---
https://packetstorm.news/files/id/181497 | 2024-09-12
https://packetstorm.news/files/id/167989 | 2022-08-05
https://github.com/aslitsecurity/Zimbra-CVE-2022-30333 | 2022-07-26
https://github.com/TheL1ghtVn/CVE-2022-30333-PoC | 2022-07-05
https://github.com/J0hnbX/CVE-2022-30333 | 2022-07-18
https://github.com/rbowes-r7/unrar-cve-2022-30333-poc | 2024-08-12
https://github.com/paradox0909/cve-2022-30333_online_rar_extracor | 2024-06-10
http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html | 2025-01-29
https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day | 2025-01-29

URL | Date
---|---
https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz | 2024-06-28

URL | Date
---|---
https://security.gentoo.org/glsa/202309-04 | 2024-06-28
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status | Platform (vendor / product / status)
---|---|---|---|---
Rarlab | Unrar | < 6.12 | Affected | Linux / Linux Kernel / Safe
Rarlab | Unrar | < 6.12 | Affected | Opengroup / Unix / Safe
Debian | Debian Linux | 10.0 | Affected | -