Directory Traversal Vulnerability in UnRAR by Eugene Roshal
CVE-2017-12938

7.5HIGH

Key Information:

Vendor: Rarlab
Status: Unrar
Vendor: CVE Published:; 18 August 2017

Summary

UnRAR versions prior to 5.5.7 are susceptible to a directory traversal vulnerability that enables remote attackers to access restricted files. This can be achieved by leveraging symbolic links pointing to the current (.) or parent (..) directory, allowing unauthorized file access. This flaw raises significant security concerns as it may expose sensitive information and lead to further exploitation.

References

http://seclists.org/oss-sec/2017/q3/290

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 18, 2017