CVE-2022-30333 - RARLAB UnRAR Directory Traversal Vulnerability

RARLAB | UnRAR

• Date Added:
• 2022-08-09

• Due Date:
• 2022-08-30

Vulnerability Name

RARLAB UnRAR Directory Traversal Vulnerability

Description

RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

Vulnerability updated with version 6.12. Accessing link will download update information: https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz; https://nvd.nist.gov/vuln/detail/CVE-2022-30333

Latest Security News

Microsoft: Hackers steal emails in device code phishing attacks

Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls

Hackers exploit authentication bypass in Palo Alto Networks PAN-OS

New "whoAMI" Attack Exploits AWS AMI Name Confusion for Remote Code Execution

This Security Firm's 'Bias' Is Also Its Superpower

Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

SonicWall firewall bug leveraged in attacks after PoC exploit release

PirateFi game on Steam caught installing password-stealing malware

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumMissing Anti-clickjacking Header

MediumAbsence of Anti-CSRF Tokens

InformationalInformation Disclosure - Suspicious Comments

MediumContent Security Policy (CSP) Header Not Set

InformationalModern Web Application

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

LowX-Content-Type-Options Header Missing

Latest CVE List

CVE-2024-57727 SimpleHelp Path Traversal Vulnerability

CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability

CVE-2025-24200 Apple iOS and iPadOS Incorrect Authorization Vulnerability

CVE-2025-21391 Microsoft Windows Storage Link Following Vulnerability

CVE-2025-21418 Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability

CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability

CVE-2024-40891 Zyxel DSL CPE OS Command Injection Vulnerability

CVE-2025-0994 Trimble Cityworks Deserialization Vulnerability

CVE-2025-0411 7-Zip Mark of the Web Bypass Vulnerability

CVE-2022-23748 Dante Discovery Process Control Vulnerability

Common CWEs

CWE-239 Failure to Handle Incomplete Element

CWE-1220 Insufficient Granularity of Access Control

CWE-788 Access of Memory Location After End of Buffer

CWE-343 Predictable Value Range from Previous Values

CWE-247 DEPRECATED: Reliance on DNS Lookups in a Security Decision

HighCWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-1395 Dependency on Vulnerable Third-Party Component

CWE-685 Function Call With Incorrect Number of Arguments

CWE-1114 Inappropriate Whitespace Style

HighCWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')