|Description||RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)|
|Debian Bugs||1010837, 1012228|
Vulnerable and fixed packages
The table below lists information on source packages.
|rar (PTS)||buster/non-free, bullseye/non-free||2:5.5.0-1||vulnerable|
The information below is based on the following data on fixed versions.
[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
[bullseye] - rar <no-dsa> (Non-free not supported)
[buster] - rar <no-dsa> (Non-free not supported)
[stretch] - rar <no-dsa> (Non-free not supported)
6.12 application version corresponds to 6.1.7 source version: