HIGH 7.8
KEV
CVE-2018-20250
EN In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
CVSS v3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability
- Ajouté au KEV
- 2022-02-15
- Deadline remédiation
- 2022-08-15
- Action requise
- Apply updates per vendor instructions.
- Ransomware
- Oui — campagne ransomware connue
Apps suivies affectées
Configurations CPE vulnérables
| Vendor | Produit | Plateforme | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| rarlab | winrar | Windows | ≤5.61 | cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:* |