CVE-2014-9983

MEDIUM

Rar - Path Traversal

Title source: rule

Description

Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive.

References (1)

Scores

CVSS v3 5.5
EPSS 0.0026
EPSS Percentile 49.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-22
Status published
Products (19)
rarlab/rar
rarlab/rar
rarlab/rar
rarlab/rar
rarlab/rar
rarlab/rar
rarlab/rar
rarlab/rar
rarlab/rar
rarlab/rar
... and 9 more
Published Jun 04, 2017
Tracked Since Feb 18, 2026