vulnerability
Ubuntu: USN-7350-1 (CVE-2022-48579): UnRAR vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Aug 7, 2023 | Mar 13, 2025 | Aug 18, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Aug 7, 2023
Added
Mar 13, 2025
Modified
Aug 18, 2025
Description
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
Solutions
ubuntu-upgrade-libunrar5ubuntu-upgrade-unrar
References
- CVE-2022-48579
- https://attackerkb.com/topics/CVE-2022-48579
- CWE-59
- UBUNTU-USN-7350-1
- URL-https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee
- URL-https://ubuntu.com/security/notices/USN-7350-1
- URL-https://www.cve.org/CVERecord?id=CVE-2022-48579
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.