Directory Traversal Vulnerability in UnRAR by Eugene Roshal
CVE-2017-12938

7.5HIGH

Key Information:

Vendor: Rarlab
Status: Unrar
Vendor: CVE Published:; 18 August 2017

What is CVE-2017-12938?

UnRAR versions prior to 5.5.7 are susceptible to a directory traversal vulnerability that enables remote attackers to access restricted files. This can be achieved by leveraging symbolic links pointing to the current (.) or parent (..) directory, allowing unauthorized file access. This flaw raises significant security concerns as it may expose sensitive information and lead to further exploitation.

References

http://seclists.org/oss-sec/2017/q3/290

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 18, 2017

Rarlab

What is CVE-2017-12938?

References

CVSS V3.1

Timeline