It has been reported that a new security vulnerability has been disclosed in RARlab’s UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive. Following responsible disclosure on May 4, 2022, the shortcoming was addressed by RarLab as part of version 6.12 released on May 6.
UnRAR Vulnerability Lets Attackers Hack Zimbra Webmail Servers
Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics