Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-48579

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.

Published

2023-08-07T04:15:12.073

Last Modified

2024-11-21T07:33:32.017

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-59

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rarlab	unrar	< 6.2.3	Yes

References

https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee Patch ([email protected])
https://lists.debian.org/debian-lts-announce/2023/08/msg00023.html ([email protected])
https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/08/msg00023.html (af854a3a-2127-422b-91ae-364da2661108)