It was discovered that UnRAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. (CVE-2022-30333, CVE-2022-48579)
It was discovered that UnRAR incorrectly handled certain recovery volumes. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-40477)
Siddharth Dushantha discovered that UnRAR incorrectly handled ANSI escape sequences when writing screen output. If a user or automated system were tricked into processing a specially crafted RAR archive, a remote attacker could possibly use this issue to spoof screen output or cause a denial of service. (CVE-2024-33899)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1:6.1.5-1ubuntu0.1", "binary_name": "libunrar-dev" }, { "binary_version": "1:6.1.5-1ubuntu0.1", "binary_name": "libunrar-headers" }, { "binary_version": "1:6.1.5-1ubuntu0.1", "binary_name": "libunrar5" }, { "binary_version": "1:6.1.5-1ubuntu0.1", "binary_name": "libunrar5-dbgsym" }, { "binary_version": "1:6.1.5-1ubuntu0.1", "binary_name": "unrar" }, { "binary_version": "1:6.1.5-1ubuntu0.1", "binary_name": "unrar-dbgsym" } ] }