Ubuntu
unrar-nonfree package

unrar has an open security bug

Bug #1975722 reported by Götz Waschk on 2022-05-25

268

This bug affects 4 people

Affects		Status	Importance	Assigned to	Milestone
	unrar-nonfree (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file.

This is CVE-2022-30333.

unrar 6.12 is the fixed version, in Ubuntu versioning it would be called 1:6.1.7.

https://nvd.nist.gov/vuln/detail/CVE-2022-30333

Tags:

CVE References

2022-30333

Götz Waschk (goetz-waschk) on 2022-05-25

information type:

Private Security → Public Security

Götz Waschk (goetz-waschk) on 2022-05-25

tags:	added: jammy
tags:	added: bionic focal impish

Revision history for this message

Launchpad Janitor (janitor) wrote on 2022-05-29:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in unrar-nonfree (Ubuntu):
status:	New → Confirmed

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuunrar-nonfree package