Rarlab Unrar
Known Exploited Rarlab Unrar Vulnerabilities
The following Rarlab Unrar vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| RARLAB UnRAR Directory Traversal Vulnerability | RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation. CVE-2022-30333. Exploit Probability: 92.8% | August 9, 2022 |
The vulnerability CVE-2022-30333: RARLAB UnRAR Directory Traversal Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.
By the Year
In 2026 there have been 0 vulnerabilities in Rarlab Unrar. Unrar did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.50 |
It may take a day or so for new Unrar vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Rarlab Unrar Security Vulnerabilities
UnRAR <6.2.3 Symlink Path Traversal
CVE-2022-48579
7.5 - High
- August 07, 2023
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
insecure temporary file
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form
CVE-2017-14120
- September 03, 2017
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.
The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers
CVE-2017-14121
- September 03, 2017
The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a NULL pointer dereference flaw triggered by a crafted RAR archive. NOTE: this may be the same as one of the several test cases in the CVE-2017-11189 references.
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers
CVE-2017-14122
- September 03, 2017
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based buffer over-read in unrarlib.c, related to ExtrFile and stricomp.