Search CVE reports
1 – 10 of 14 results
CVE-2024-36052
Medium priority
RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899.
1 affected package
unrar-nonfree
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
unrar-nonfree | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-33899
Medium priority
RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.
1 affected package
unrar-nonfree
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
unrar-nonfree | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-40477
Medium priority
Some fixes available 7 of 19
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR....
3 affected packages
libclamunrar, rar, unrar-nonfree
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libclamunrar | Not affected | Fixed | Fixed | Vulnerable | Vulnerable |
rar | Fixed | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
unrar-nonfree | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2022-48579
Medium priority
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
1 affected package
unrar-nonfree
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
unrar-nonfree | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-30333
High priority
Some fixes available 6 of 18
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
3 affected packages
libclamunrar, rar, unrar-nonfree
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libclamunrar | Not affected | Fixed | Fixed | Vulnerable | Vulnerable |
rar | Fixed | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
unrar-nonfree | Not affected | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |
CVE-2018-25018
Medium priority
UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.
1 affected package
unrar-nonfree
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
unrar-nonfree | Needs evaluation | Needs evaluation | Vulnerable | Needs evaluation | Needs evaluation |
CVE-2017-20006
Medium priority
UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).
1 affected package
unrar-nonfree
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
unrar-nonfree | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
CVE-2017-12942
Medium priority
libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.
1 affected package
unrar-nonfree
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
unrar-nonfree | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2017-12941
Low priority
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.
1 affected package
unrar-nonfree
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
unrar-nonfree | Not affected | Not affected | Not affected | Not affected | Vulnerable |
CVE-2017-12940
Low priority
libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.
1 affected package
unrar-nonfree
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
unrar-nonfree | Not affected | Not affected | Not affected | Not affected | Vulnerable |