VULHUB ™

WinRAR does not properly display '../' sequences contained in paths for .tar archives. When an archive is displayed to the user, any '../' sequences are displayed as a '..'. This could allow a user to believe that the extraction path is the legitimate '..' directory entry and distribute or pass along a malicious .tar archive.

WinRAR does not properly display '../' sequences contained in paths for .tar archives. When an archive is displayed to the user, any '../' sequences are displayed as a '..'. This could allow a user to believe that the extraction path is the legitimate '..' directory entry and distribute or pass along a malicious .tar archive.