CVE-2018-20250

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.
Configurations

Configuration 1

cpe:2.3:a:rarlab:winrar:*:*:*:*:*:*:*:*

Information

Published : 2019-02-05 08:29

Updated : 2019-10-09 11:39


NVD link : CVE-2018-20250

Mitre link : CVE-2018-20250

Products Affected
CWE