CVE-2014-9983
5.5
MEDIUM
CVSS 3.1
EPSS 0.26%
Description
Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive.
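The check below is an added example, not code from RAR or from this advisory: it audits an archive listing before extraction and flags entries that an unpacker which follows symlinks would write through. The archive is modelled as a constructed, ordered list of `(path, kind, link_target)` tuples with POSIX-style paths; `audit_entries` and `SAMPLE` are hypothetical names, and no RAR parsing is performed.

```python
import posixpath

def audit_entries(entries):
    """Flag entries that are unsafe for an unpacker that follows symlinks.
    `entries` is an ordered list of (path, kind, link_target) tuples with
    kind in {"file", "dir", "symlink"}. Returns a list of (path, reason)."""
    findings = []
    links = set()  # normalized paths the archive itself created as symlinks
    for path, kind, target in entries:
        norm = posixpath.normpath(path.replace("\\", "/"))
        parts = norm.split("/")
        # Classic traversal: absolute path or one that climbs above the root.
        if norm.startswith("/") or parts[0] == "..":
            findings.append((path, "path escapes extraction root"))
            continue
        # If the path or any ancestor is a symlink supplied earlier by the
        # archive, the write would be redirected to wherever that link points.
        prefixes = ["/".join(parts[:i]) for i in range(1, len(parts) + 1)]
        via = next((p for p in prefixes if p in links), None)
        if via is not None:
            findings.append((path, f"written through archive symlink {via!r}"))
            continue
        if kind == "symlink":
            links.add(norm)
            # Resolve the target relative to the link's own directory.
            t = target.replace("\\", "/")
            resolved = posixpath.normpath(posixpath.join(posixpath.dirname(norm), t))
            if t.startswith("/") or resolved == ".." or resolved.startswith("../"):
                findings.append((path, f"symlink target {target!r} leaves extraction root"))
    return findings

# Constructed sample listing (not taken from a real archive).
SAMPLE = [
    ("docs/readme.txt", "file", None),
    ("docs/cache", "symlink", "/tmp"),          # link pointing outside the root
    ("docs/cache/job.conf", "file", None),      # would be written via that link
    ("docs/latest", "symlink", "readme.txt"),   # link that stays inside the root
    ("../outside.txt", "file", None),           # plain traversal
]

if __name__ == "__main__":
    for path, reason in audit_entries(SAMPLE):
        print(f"{path}: {reason}")
```

Entries are processed in listing order because the symlink has to exist before a later entry can be redirected through it; a listing with any finding should be rejected rather than partially extracted.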
How to fix CVE-2014-9983
To remediate CVE-2014-9983, upgrade the affected package to the fixed version listed below.
- Debian/rar—upgrade to 2:5.3.b2-1 or later
Is CVE-2014-9983 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2:5.3.b2-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |