VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-6eas-qu2k-xkb6

Essentials
Severities (23)
References (9)
Severity details (4)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-6eas-qu2k-xkb6
Aliases	CVE-2022-48579
Summary	UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-59

Improper Link Resolution Before File Access ('Link Following')

System	Score	Found at
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00083	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00085	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
epss	0.00143	https://api.first.org/data/v1/epss?cve=CVE-2022-48579
cvssv3.1	5.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc	Track	https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/08/msg00023.html
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-48579

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-48579
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48579
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1050080		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050080
2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee		https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee
cpe:2.3:a:rarlab:unrar::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rarlab:unrar::::::::
CVE-2022-48579		https://nvd.nist.gov/vuln/detail/CVE-2022-48579
msg00023.html		https://lists.debian.org/debian-lts-announce/2023/08/msg00023.html
USN-7350-1		https://usn.ubuntu.com/7350-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T13:56:53Z/ Found at https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T13:56:53Z/ Found at https://lists.debian.org/debian-lts-announce/2023/08/msg00023.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-48579

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.24924
EPSS Score	0.00083
Published At	Aug. 8, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:43:15.261330+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.21/community.json	37.0.0