VYPR
Unrated severityCISA KEVNVD Advisory· Published Feb 5, 2019· Updated Oct 21, 2025

CVE-2018-20250

CVE-2018-20250

Description

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Rarlab/Winrarllm-fuzzy
    Range: <=5.61
  • Check Point Software Technologies Ltd./WinRARv5
    Range: All versions prior and including 5.61

Patches

Vulnerability mechanics

References

7

News mentions

1