CVE-2014-9983
Summary
| CVE | CVE-2014-9983 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-06-04 23:29:00 UTC |
| Updated | 2017-06-12 14:51:00 UTC |
| Description | Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Rarlab | Rar | 4.00 | All | All | All |
| Application | Rarlab | Rar | 4.01 | All | All | All |
| Application | Rarlab | Rar | 4.10 | All | All | All |
| Application | Rarlab | Rar | 4.11 | All | All | All |
| Application | Rarlab | Rar | 4.20 | All | All | All |
| Application | Rarlab | Rar | 5.00 | All | All | All |
| Application | Rarlab | Rar | 5.01 | All | All | All |
| Application | Rarlab | Rar | 5.10 | All | All | All |
| Application | Rarlab | Rar | 5.11 | All | All | All |
| Application | Rarlab | Rar | 5.20 | All | All | All |
| Application | Rarlab | Rar | 5.21 | All | All | All |
| Application | Rarlab | Rar | 5.30 | All | All | All |
| Application | Rarlab | Rar | 5.31 | All | All | All |
| Application | Rarlab | Rar | 5.40 | All | All | All |
| Application | Rarlab | Rar | 5.50 | All | All | All |
| Application | Rarlab | Rar | 5.50 | beta1 | All | All |
| Application | Rarlab | Rar | 5.50 | beta2 | All | All |
| Application | Rarlab | Rar | 5.50 | beta3 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| #774172 - rar: CVE-2014-9983: symlink directory traversal - Debian Bug report logs | CONFIRM | bugs.debian.org | Exploit, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.