VDB

DEBIAN-CVE-2017-12938

DEBIAN-CVE-2017-12938 PUBLISHED CVSS 7.5 HIGH

UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.

Risk Scores

CVSS v3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Debian:14unrar-nonfree*, 0, 3.5.2-0.1
Debian:11unrar-nonfree3.5.2-0.1, 3.5.2-0.2, 3.5.4-0.1
Debian:13unrar-nonfree1:4.0.3-1, 0, 3.5.2-0.1
Debian:12unrar-nonfree0, 3.5.2-0.1, 3.5.2-0.2

Timeline

  • Aug 18, 2017 CVE Published
  • Apr 28, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›