Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| arjsoftware | unarj | 2.62 |
| gentoo | linux | * |
| arjsoftware | unarj | 2.64 |
| debian | debian_linux | 3.0 |
| arjsoftware | unarj | 2.63 |
| arjsoftware | unarj | 2.65 |