CVE-2014-9983
MEDIUM
RAR 4.x and 5.x - Path Traversal via Symlink Following
Title source: llm
Description
Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774172
Scores
CVSS v3: 5.5
EPSS: 0.0177
EPSS Percentile: 75.4%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE: CWE-22
Status: published
Products (15)
rarlab/rar 4.00
rarlab/rar 4.01
rarlab/rar 4.10
rarlab/rar 4.11
rarlab/rar 4.20
rarlab/rar 5.00
rarlab/rar 5.01
rarlab/rar 5.10
rarlab/rar 5.11
rarlab/rar 5.20
... and 5 more
Published: Jun 04, 2017
Tracked Since: Feb 18, 2026