CVE-2022-48579

Publication date 7 August 2023

Last updated 12 March 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

7.5 · High

Score breakdown

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.

Status

Package Ubuntu Release Status
unrar-nonfree 24.10 oracular
Not affected
24.04 LTS noble
Not affected
23.10 mantic
Not affected
23.04 lunar
Not affected
22.04 LTS jammy
Fixed 1:6.1.5-1ubuntu0.1
20.04 LTS focal
Fixed 1:5.6.6-2ubuntu0.1
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation
14.04 LTS trusty Ignored end of standard support

Severity score breakdown

Parameter Value
Base score 7.5 · High
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N