Security Advisory

CVE-2018-20250

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-02-05 20:00:00

Last updated 2025-10-21 23:45:43

Assigner checkpoint

State PUBLISHED

Description

In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

← Browse all CVEs View on cve.org ↗