{"id":"CVE-2022-30333","details":"RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.","modified":"2026-04-16T00:08:31.629637929Z","published":"2022-05-09T08:15:06.937Z","related":["SUSE-SU-2022:1760-1"],"references":[{"type":"WEB","url":"https://www.rarlab.com/rar_add.htm"},{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-30333"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202309-04"},{"type":"FIX","url":"https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/167989/Zimbra-UnRAR-Path-Traversal.html"},{"type":"EVIDENCE","url":"https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"6.12"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-30333.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}