Path Traversal in Rarlab Rar

CVE-2014-9983

Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.018 (75.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N.

Affected products

  • Rarlab Rar — versions 4.00, 4.01, 4.10
  • N/a — versions n/a

Weakness classification (CWE)

References

  • cve@mitre.org (x_refsource_CONFIRM, Exploit, Third Party Advisory)

Frequently asked questions

What is CVE-2014-9983?
CVE-2014-9983 is a medium-severity vulnerability in Rarlab Rar, classified under Path Traversal. CVSS score: 5.5/10. Published 2017-06-04.
How severe is CVE-2014-9983?
Medium severity. CVSS v3 base score is 5.5 out of 10.