CVE-2018-20250 — HIGH (7.8)

Q: How severe is CVE-2018-20250?

CVE-2018-20250 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-20250?

Check the references section above for vendor advisories and patch information. Affected products include: Rarlab Winrar.

Vulnerability Description

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Rarlab	Winrar	<= 5.61

Related Weaknesses (CWE)

CWE-22 CWE-36

References

http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-ValidExploitThird Party AdvisoryVDB Entry
http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_aceThird Party Advisory
http://www.securityfocus.com/bid/106948Broken LinkThird Party AdvisoryVDB Entry
https://github.com/blau72/CVE-2018-20250-WinRAR-ACEExploitThird Party Advisory
https://research.checkpoint.com/extracting-code-execution-from-winrar/ExploitPress/Media CoverageThird Party Advisory
https://www.exploit-db.com/exploits/46552/ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/46756/ExploitThird Party AdvisoryVDB Entry
https://www.win-rar.com/whatsnew.htmlRelease Notes
http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-ValidExploitThird Party AdvisoryVDB Entry
http://www.rapid7.com/db/modules/exploit/windows/fileformat/winrar_aceThird Party Advisory
http://www.securityfocus.com/bid/106948Broken LinkThird Party AdvisoryVDB Entry
https://github.com/blau72/CVE-2018-20250-WinRAR-ACEExploitThird Party Advisory
https://research.checkpoint.com/extracting-code-execution-from-winrar/ExploitPress/Media CoverageThird Party Advisory
https://www.exploit-db.com/exploits/46552/ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/46756/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2018-20250?

CVE-2018-20250 is a vulnerability with a CVSS score of 7.8 (HIGH). In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with s...

How severe is CVE-2018-20250?

CVE-2018-20250 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-20250?

Check the references section above for vendor advisories and patch information. Affected products include: Rarlab Winrar.