PT-2017-4327 · Rarlab+2 · Unrar+2

Jakub Wilk

Published

2017-08-15

Updated

2021-08-25

CVE-2017-12938

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: UnRAR versions prior to 5.5.7

Description: The issue is related to a directory-traversal protection mechanism. It allows remote attackers to bypass this mechanism, potentially leading to access of confidential data.

Recommendations: For UnRAR versions prior to 5.5.7, update to version 5.5.7 or later to resolve the issue.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

ALT-PU-2017-2147

BDU:2023-09071

CVE-2017-12938

MGASA-2017-0302

MGASA-2017-0304

SUSE-SU-2018:0862-1

SUSE-SU-2021:2834-1

Affected Products

Alt Linux

Suse

Unrar

PT-2017-4327 · Rarlab+2 · Unrar+2

CVE-2017-12938

Weakness Enumeration

Related Identifiers

Affected Products

References · 35