Source: unrar-free Version: 1:0.0.1+cvs20140707-1 Severity: grave Tags: security upstream
Hi >From http://www.openwall.com/lists/oss-security/2017/08/20/1 Issue 1: Directory Traversal Creating a rar v2 archive with path names of the form ../[filename] will unpack them into the upper directory. Attached Hanno's POC. Regards, Salvatore
unrar-gpl-directory-traversal.rar
Description: application/rar
_______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
