unrar has an open security bug
Bug #1975722 reported by Götz Waschk
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
unrar-nonfree (Ubuntu) | Confirmed | Undecided | Unassigned | |
Bug Description
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/
This is CVE-2022-30333.
unrar 6.12 is the fixed version, in Ubuntu versioning it would be called 1:6.1.7.
CVE References
information type: | Private Security → Public Security |
tags: | added: jammy |
tags: | added: bionic focal impish |
Status changed to 'Confirmed' because the bug affects multiple users.
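
Until a fixed package is installed, untrusted archives can be screened before unpacking. The following is an added example, not part of the bug report and not UnRAR's own code: a per-entry check that flags archive entries whose stored path or symbolic-link target would resolve outside the extraction directory. It assumes the entry names and link targets have already been read from an archive listing; `escapes`, `flagged`, `DEST` and the sample entries are hypothetical and constructed for illustration.

```python
import posixpath


def _norm(path):
    # Treat backslashes as separators too: archives made on Windows use them.
    return posixpath.normpath(path.replace("\\", "/"))


def escapes(dest, entry_name, link_target=None):
    """Return True if this entry could lead to a write outside dest.

    entry_name:  path stored in the archive for the entry
    link_target: stored target if the entry is a symbolic link, else None
    """
    dest = _norm(dest)
    if not dest.startswith("/"):
        raise ValueError("dest must be an absolute path")
    name = _norm(entry_name)
    # Absolute names and names that climb above the root are rejected outright.
    if name.startswith("/") or name == ".." or name.startswith("../"):
        return True
    if link_target is None:
        return False
    target = link_target.replace("\\", "/")
    if target.startswith("/"):
        return True  # conservative: refuse every absolute link target
    # A relative target is resolved from the directory that holds the link.
    link_dir = posixpath.dirname(name)
    resolved = posixpath.normpath(posixpath.join(dest, link_dir, target))
    return posixpath.commonpath([dest, resolved]) != dest


def flagged(dest, entries):
    """Return the names of all entries that fail the containment check."""
    return [name for name, target in entries if escapes(dest, name, target)]


# Constructed sample listing: (entry name, link target or None)
DEST = "/srv/unpack"
ENTRIES = [
    ("docs/readme.txt", None),
    ("docs/../notes.txt", None),    # normalises to notes.txt, stays inside
    ("../outside.txt", None),       # climbs above DEST
    ("a/b/link", "../../.."),       # link resolves to the parent of DEST
    ("a/link_ok", "../docs"),       # link resolves to DEST/docs
    ("x\\..\\..\\up.txt", None),    # same climb written with backslashes
    ("abs", "/etc"),                # absolute link target
]

if __name__ == "__main__":
    for name in flagged(DEST, ENTRIES):
        print("refuse to extract:", name)
```

The check is per entry and purely lexical, so it does not replace upgrading to the fixed version; extracting as an unprivileged user into a dedicated empty directory limits the damage of anything it misses.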