CVE-2017-12938

HIGH

UnRAR < 5.5.6 - Path Traversal via Symlink Manipulation

Title source: llm
STIX 2.1

Description

UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.

References (1)

Core 1
Core References
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/oss-sec/2017/q3/290

Scores

CVSS v3 7.5
EPSS 0.0357
EPSS Percentile 88.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
rarlab/unrar < 5.5.6
Published Aug 18, 2017
Tracked Since Feb 18, 2026