VYPR
Medium severity5.5NVD Advisory· Published Jun 4, 2017· Updated Jun 17, 2026

CVE-2014-9983

CVE-2014-9983

Description

Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive.

Affected products

19
  • Rarlab/Rar19 versions
    cpe:2.3:a:rarlab:rar:4.00:*:*:*:*:*:*:*+ 18 more
    • cpe:2.3:a:rarlab:rar:4.00:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:4.01:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:4.10:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:4.11:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:4.20:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:5.00:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:5.01:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:5.10:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:5.11:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:5.20:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:5.21:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:5.30:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:5.31:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:5.40:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:5.50:*:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:5.50:beta1:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:5.50:beta2:*:*:*:*:*:*
    • cpe:2.3:a:rarlab:rar:5.50:beta3:*:*:*:*:*:*
    • (no CPE)range: 4.x, 5.x

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.