Known Vulnerabilities for products from Rarlab
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Rarlab".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-38831 json | RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP ... | 7.8 - HIGH | 2023-08-23 | 2023-10-23 |
| CVE-2022-48579 json | UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. | 7.5 - HIGH | 2023-08-07 | 2023-08-17 |
| CVE-2022-43650 json | This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.... | 7.1 - HIGH | 2023-03-29 | 2023-04-06 |
| CVE-2022-30333 json | RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operat... | 7.5 - HIGH | 2022-05-09 | 2023-09-17 |
| CVE-2019-25677 json | WinRAR 5.61 contains a denial of service vulnerability that allows local attackers to crash the application by placing a malf... | Not Provided | 2026-04-05 | 2026-04-09 |
| CVE-2018-25018 json | UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from Quick... | 7.8 - HIGH | 2021-07-01 | 2021-07-07 |
| CVE-2018-20253 json | In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA... | 7.8 - HIGH | 2019-02-13 | 2019-10-09 |
| CVE-2018-20252 json | In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE a... | 7.8 - HIGH | 2019-02-05 | 2019-10-09 |
| CVE-2018-20251 json | In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the... | 5.5 - MEDIUM | 2019-02-05 | 2019-10-09 |
| CVE-2018-20250 json | In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the... | 7.8 - HIGH | 2019-02-05 | 2019-10-09 |
| CVE-2017-20006 json | UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract:... | 7.8 - HIGH | 2021-07-01 | 2021-07-07 |
| CVE-2017-14122 json | unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and ... | 9.1 - CRITICAL | 2017-09-03 | 2021-02-25 |
| CVE-2017-14121 json | The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference ... | 5.5 - MEDIUM | 2017-09-03 | 2021-10-18 |
| CVE-2017-14120 json | unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of ... | 7.5 - HIGH | 2017-09-03 | 2021-02-25 |
| CVE-2017-12942 json | libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function. | 9.8 - CRITICAL | 2017-08-18 | 2018-06-16 |
| CVE-2017-12941 json | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function. | 9.8 - CRITICAL | 2017-08-18 | 2018-06-16 |
| CVE-2017-12940 json | libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader1... | 9.8 - CRITICAL | 2017-08-18 | 2018-06-16 |
| CVE-2017-12938 json | UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symli... | 7.5 - HIGH | 2017-08-18 | 2017-08-29 |
| CVE-2015-5663 json | The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file w... | 7.4 - HIGH | 2015-12-30 | 2016-12-06 |
| CVE-2014-9983 json | Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained ... | 5.5 - MEDIUM | 2017-06-04 | 2017-06-12 |