Active Exploitation of RARLAB's UnRAR Vulnerability
10 August 2022
RARLAB has released a security patch to address a directory traversal vulnerability (CVE-2022-30333) in the UnRAR utility for Linux and Unix systems. There have been reports that this vulnerability is being actively exploited.
The affected product versions (only for Linux and Unix systems):
• UnRAR versions 6.11 and below
Successful exploitation could allow an attacker to deploy a malicious file on the target system by extracting it to an arbitrary location during the unpack operation.
Administrators and users of affected products are advised to upgrade to the latest versions immediately.
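To find hosts that still need the upgrade, the version check below can be run on each system. It is an added example, not part of the original advisory or RARLAB's tooling; the function names are hypothetical, and it assumes the UnRAR banner line has the form "UNRAR 6.11 freeware ..." with a two-digit minor version.

```shell
#!/bin/sh
# Added example: flag UnRAR builds in the advisory's affected range (6.11 and below).

# Read UnRAR banner text on stdin and print "MAJOR.MINOR".
# Assumption: the banner line looks like "UNRAR 6.11 freeware  Copyright ...".
unrar_version_from_banner() {
    sed -n 's/^UNRAR \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Return 0 if affected (<= 6.11), 1 if newer, 2 if the version cannot be parsed.
is_affected() {
    case $1 in
        ''|*[!0-9.]*|*.*.*|.*|*.) return 2 ;;
        *.*) ;;
        *) return 2 ;;
    esac
    major=${1%%.*}
    minor=${1#*.}
    # Strip leading zeros so "6.02" compares as minor 2.
    while [ "${#minor}" -gt 1 ] && [ "${minor#0}" != "$minor" ]; do minor=${minor#0}; done
    if [ "$major" -lt 6 ]; then return 0; fi
    if [ "$major" -eq 6 ] && [ "$minor" -le 11 ]; then return 0; fi
    return 1
}

# Check the unrar binary on PATH (hypothetical helper; call it on the host being audited).
check_installed_unrar() {
    bin=$(command -v unrar) || { echo "unrar not found on PATH"; return 0; }
    ver=$("$bin" 2>/dev/null | unrar_version_from_banner)
    is_affected "$ver" && rc=0 || rc=$?
    case $rc in
        0) echo "$bin $ver: affected by CVE-2022-30333, upgrade" ;;
        1) echo "$bin $ver: newer than 6.11" ;;
        *) echo "$bin: could not determine version" ;;
    esac
    return "$rc"
}

# Constructed sample banners (not captured from a real host).
for banner in "UNRAR 6.11 freeware      Copyright (c) 1993-2022 Alexander Roshal" \
              "UNRAR 6.12 freeware      Copyright (c) 1993-2022 Alexander Roshal"; do
    v=$(printf '%s\n' "$banner" | unrar_version_from_banner)
    if is_affected "$v"; then echo "$v: affected"; else echo "$v: not in affected range"; fi
done
```

`check_installed_unrar` only inspects the binary found on `PATH`; copies installed elsewhere on the host need the same check.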
References:
https://www.rarlab.com/rarnew.htm
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30333
https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/