CVE-2018-20250 Vulnerability Details

  /     /     /  

CVE-2018-20250 Metadata Quick Info

CVE Published: 05/02/2019 | CVE Updated: 17/09/2024 | CVE Year: 2018
Source: checkpoint | Vendor: Check Point Software Technologies Ltd. | Product: WinRAR
Status : PUBLISHED

---

CVE-2018-20250 Description

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-36
CWE Name: CWE-36: Absolute Path Traversal
Source: Check Point Software Technologies Ltd.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).