CVE-2022-30333
Publication date 9 May 2022
Last updated 10 July 2025
Ubuntu priority
Description
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| unrar-nonfree | 25.04 plucky |
Not affected
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Fixed 1:6.1.5-1ubuntu0.1
|
|
| 20.04 LTS focal |
Fixed 1:5.6.6-2ubuntu0.1
|
|
| 18.04 LTS bionic | Ignored in multiverse | |
| 16.04 LTS xenial | Ignored in multiverse | |
| rar | 25.04 plucky |
Fixed 2:6.23-1
|
| 24.04 LTS noble |
Fixed 2:6.23-1
|
|
| 22.04 LTS jammy |
Fixed 2:6.23-1~22.04.1
|
|
| 20.04 LTS focal |
Fixed 2:6.23-1~20.04.1
|
|
| 18.04 LTS bionic | Ignored in multiverse | |
| 16.04 LTS xenial | Ignored in multiverse | |
| 14.04 LTS trusty | Ignored end of standard support | |
| libclamunrar | 25.04 plucky |
Not affected
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Fixed 0.103.11-0ubuntu0.22.04.1
|
|
| 20.04 LTS focal |
Fixed 0.103.11-0ubuntu0.20.04.1
|
|
| 18.04 LTS bionic | Ignored in multiverse | |
| 16.04 LTS xenial | Ignored in multiverse | |
| 14.04 LTS trusty | Ignored end of standard support |
Notes
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.5 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-6569-1
- libclamunrar vulnerabilities
- 8 January 2024
- USN-7349-1
- RAR vulnerabilities
- 12 March 2025
- USN-7350-1
- UnRAR vulnerabilities
- 12 March 2025