CVE-2022-30333 - Vulnerability Details - OpenCVE

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is in the KEV database since Aug. 9, 2022.

Exploitation active

Automatable yes

Technical Impact partial

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel
Opengroup	Unix
Rarlab	Unrar

Configuration 1 [-]

AND

cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:opengroup:unix:-:::::::*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html
https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html
https://security.gentoo.org/glsa/202309-04
https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz
https://www.rarlab.com/rar_add.htm

History

Wed, 29 Jan 2025 17:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-59
Metrics		kev `{'dateAdded': '2022-08-09'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-05-09T00:00:00.000Z

Updated: 2025-01-29T16:18:20.605Z

Reserved: 2022-05-07T00:00:00.000Z

Link: CVE-2022-30333

Vulnrichment

Updated: 2024-08-03T06:48:35.705Z

NVD

Status : Modified

Published: 2022-05-09T08:15:06.937

Modified: 2025-01-29T17:15:20.117

Link: CVE-2022-30333

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-30333", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-01-29T16:18:20.605Z", "dateReserved": "2022-05-07T00:00:00.000Z", "datePublished": "2022-05-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-17T06:06:09.291Z"}, "descriptions": [{"lang": "en", "value": "RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.rarlab.com/rar_add.htm"}, {"url": "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz"}, {"url": "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/"}, {"url": "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html"}, {"name": "[debian-lts-announce] 20230817 [SECURITY] [DLA 3534-1] rar security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html"}, {"name": "GLSA-202309-04", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202309-04"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:48:35.705Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.rarlab.com/rar_add.htm", "tags": ["x_transferred"]}, {"url": "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz", "tags": ["x_transferred"]}, {"url": "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230817 [SECURITY] [DLA 3534-1] rar security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html"}, {"name": "GLSA-202309-04", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202309-04"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-59", "lang": "en", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-29T16:18:17.553759Z", "id": "CVE-2022-30333", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-08-09", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-30333"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T16:18:20.605Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.rarlab.com/rar_add.htm", "tags": ["x_transferred"]}, {"url": "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz", "tags": ["x_transferred"]}, {"url": "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html", "name": "[debian-lts-announce] 20230817 [SECURITY] [DLA 3534-1] rar security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202309-04", "name": "GLSA-202309-04", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:48:35.705Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-30333", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-29T16:18:17.553759Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-08-09", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-30333"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T16:18:10.061Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.rarlab.com/rar_add.htm"}, {"url": "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz"}, {"url": "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/"}, {"url": "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html", "name": "[debian-lts-announce] 20230817 [SECURITY] [DLA 3534-1] rar security update", "tags": ["mailing-list"]}, {"url": "https://security.gentoo.org/glsa/202309-04", "name": "GLSA-202309-04", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-17T06:06:09.291Z"}}}, "cveMetadata": {"cveId": "CVE-2022-30333", "state": "PUBLISHED", "dateUpdated": "2025-01-29T16:18:20.605Z", "dateReserved": "2022-05-07T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2022-05-09T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-08-30", "cisaExploitAdd": "2022-08-09", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "RARLAB UnRAR Directory Traversal Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rarlab:unrar:*:*:*:*:*:*:*:*", "matchCriteriaId": "35D143B1-7FE7-4580-886E-4A54F6AB0CD9", "versionEndExcluding": "6.12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected."}, {"lang": "es", "value": "RARLAB UnRAR versiones hasta 6.12, en Linux y UNIX permite un salto de directorio para escribir en los archivos durante una operaci\u00f3n de extracci\u00f3n (tambi\u00e9n se conoce como desempaquetado), como es demostrado creando un archivo ~/.ssh/authorized_keys. NOTA: WinRAR y Android RAR no est\u00e1n afectados"}], "id": "CVE-2022-30333", "lastModified": "2025-01-29T17:15:20.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-05-09T08:15:06.937", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202309-04"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.rarlab.com/rar_add.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202309-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.rarlab.com/rar_add.htm"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-59"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}