CVE-2018-20251

A validation function (in WinRAR code) is called before extraction of ACE archives. The validation function inspects the filename field of each compressed file in the ACE archive. If the filename is disallowed by the validator function (for example, the filename contains path traversal patterns), the extraction operation should be aborted and no file or folder should be extracted. However, the check of the return value from the validator function is made too late (in UNACEV2.dll), after the creation of files and folders. It prevents the write operation to the extracted files only.

Source: CVE-2018-20251
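
The ordering flaw described above, as an added Python example (not WinRAR or UNACEV2.dll code). `name_allowed` is a hypothetical validator and the archive entries are constructed; `extract_late_check` reproduces the create-then-check order, while `extract_validate_first` checks every name before any file or folder is created.

```python
import os
import tempfile
from pathlib import PureWindowsPath

def name_allowed(name):
    # Hypothetical validator (not WinRAR's): reject empty, rooted or drive-qualified
    # names and any ".." component; both "/" and "\" count as separators.
    p = PureWindowsPath(name)
    return bool(name) and not p.drive and not p.root and ".." not in p.parts

def extract_late_check(entries, dest):
    # Flawed order from the description: the file is created first, and the
    # validator's verdict only decides whether data is written into it.
    for name, data in entries:
        path = os.path.join(dest, name)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:       # filesystem side effect happens here
            if name_allowed(name):         # verdict consulted too late
                fh.write(data)

def extract_validate_first(entries, dest):
    # Corrected order: check every entry before touching the filesystem and
    # abort the whole extraction on the first disallowed name.
    for name, _ in entries:
        if not name_allowed(name):
            raise ValueError(f"disallowed filename in archive: {name!r}")
    for name, data in entries:
        path = os.path.join(dest, name)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    # Constructed sample entries (name, data); the second name is disallowed.
    entries = [("docs/readme.txt", b"hello"), ("../escaped.txt", b"data")]
    with tempfile.TemporaryDirectory() as tmp:
        late = os.path.join(tmp, "late", "out")
        strict = os.path.join(tmp, "strict", "out")
        os.makedirs(late)
        os.makedirs(strict)
        extract_late_check(entries, late)
        try:
            extract_validate_first(entries, strict)
            aborted = False
        except ValueError:
            aborted = True
        escaped = os.path.join(tmp, "late", "escaped.txt")
        return {"late_created": os.path.exists(escaped), "late_size": os.path.getsize(escaped),
                "aborted": aborted, "strict_files": os.listdir(os.path.join(tmp, "strict")) + os.listdir(strict)}
```

With the late check, the disallowed entry still leaves an empty file outside the destination folder; with validation first, nothing from the archive is created.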
