Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/rar@2:6.23-1~deb11u1?distro=trixie
purl pkg:deb/debian/rar@2:6.23-1~deb11u1?distro=trixie
Next non-vulnerable version 2:6.23-1~deb12u1
Latest non-vulnerable version 2:7.20-1
Risk 1.8
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-gkjf-x8s7-57dn
Aliases:
CVE-2024-33899
RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.
2:7.00-1
Affected by 0 other vulnerabilities.
2:7.01-1~deb12u1
Affected by 0 other vulnerabilities.
2:7.11-1
Affected by 0 other vulnerabilities.
2:7.20-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (6)
Vulnerability Summary Aliases
VCID-b8js-x7uu-wka5 Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number. CVE-2007-3726
VCID-cnah-rewa-vfe5 Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive. CVE-2014-9983
VCID-gjr1-fc83-dfe6 An arbitrary file overwrite vulnerability has been discovered in RAR and UnRAR, potentially resulting in arbitrary code execution. CVE-2022-30333
VCID-m2ca-cwwa-mqcc RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198. CVE-2025-6218
VCID-pu5p-qncp-nyb9 RAR and UnRAR contain a buffer overflow allowing the execution of arbitrary code. CVE-2007-0855
VCID-xz6c-axe8-8qbn An arbitrary file overwrite vulnerability has been discovered in RAR and UnRAR, potentially resulting in arbitrary code execution. CVE-2023-40477

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:55:58.861938+00:00 Debian Importer Fixing VCID-pu5p-qncp-nyb9 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:54:45.436929+00:00 Debian Importer Fixing VCID-b8js-x7uu-wka5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:19:56.402919+00:00 Debian Importer Fixing VCID-xz6c-axe8-8qbn https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:59:43.910910+00:00 Debian Importer Fixing VCID-cnah-rewa-vfe5 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:04:38.997050+00:00 Debian Importer Fixing VCID-gjr1-fc83-dfe6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:45:00.219181+00:00 Debian Importer Fixing VCID-m2ca-cwwa-mqcc https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:52:52.692329+00:00 Debian Importer Fixing VCID-pu5p-qncp-nyb9 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:51:55.924545+00:00 Debian Importer Fixing VCID-b8js-x7uu-wka5 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:26:09.963084+00:00 Debian Importer Fixing VCID-xz6c-axe8-8qbn https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:11:28.331452+00:00 Debian Importer Fixing VCID-cnah-rewa-vfe5 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:31:21.153335+00:00 Debian Importer Fixing VCID-gjr1-fc83-dfe6 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:16:13.362169+00:00 Debian Importer Fixing VCID-m2ca-cwwa-mqcc https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:51:51.156054+00:00 Debian Importer Fixing VCID-m2ca-cwwa-mqcc https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:51.092585+00:00 Debian Importer Affected by VCID-gkjf-x8s7-57dn https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:51.055712+00:00 Debian Importer Fixing VCID-xz6c-axe8-8qbn https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:51.002005+00:00 Debian Importer Fixing VCID-gjr1-fc83-dfe6 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:50.951934+00:00 Debian Importer Fixing VCID-cnah-rewa-vfe5 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:50.901125+00:00 Debian Importer Fixing VCID-b8js-x7uu-wka5 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:51:50.849864+00:00 Debian Importer Fixing VCID-pu5p-qncp-nyb9 https://security-tracker.debian.org/tracker/data/json 38.1.0