Junrar Path Traversal Vulnerability in LocalFolderExtractor Allowing Arbitrary File Writing

Vulnerability

A path traversal vulnerability has been identified in the Junrar library, specifically in versions prior to 7.5.10. The issue resides in the LocalFolderExtractor component, where improper validation of file paths allows an attacker to write arbitrary files with controlled content into sibling directories. This vulnerability is triggered when a crafted RAR archive is extracted, exploiting the archive's entry names to traverse directories and overwrite or create files outside the intended extraction path.

Impact

Exploitation of this vulnerability allows for arbitrary file writing in sibling directories, with the potential to overwrite existing files or create new ones with attacker-controlled content.

Reproduction

To reproduce this vulnerability, extract a crafted RAR archive using a Junrar version prior to 7.5.10. The archive should contain file entries designed to exploit the path traversal flaw, such as filenames that include sibling directory traversal sequences. When the archive is extracted, the files are written to sibling directories of the extraction path, demonstrating the path traversal vulnerability.

Remediation

Users can upgrade to Junrar version 7.5.10 or later, where this vulnerability has been fixed.
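
The following is an added example, not Junrar's code or its fix: it shows the kind of destination-containment check an extractor needs, next to a string-prefix check that lets a sibling directory through. The class and method names, the destination path and the entry names are all hypothetical, and the weak variant is an assumption about how sibling-directory escapes commonly arise, not a statement about Junrar's source.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Added illustration; class and method names are hypothetical, not Junrar's API.
public class EntryPathCheck {

    // Weak: string-prefix comparison. "/srv/extract-other/x" starts with
    // "/srv/extract", so a target in a sibling directory is accepted.
    static boolean weakIsInside(Path destDir, String entryName) {
        Path target = destDir.resolve(entryName).normalize();
        return target.toString().startsWith(destDir.normalize().toString());
    }

    // Hardened: Path.startsWith compares whole path components, so only the
    // destination itself or something below it is accepted.
    // This is a lexical check; symlinks inside destDir are not resolved.
    static boolean isInside(Path destDir, String entryName) {
        Path base = destDir.toAbsolutePath().normalize();
        // Archive entry names may use backslashes; treat them as separators
        // so the result is the same on every platform.
        Path target = base.resolve(entryName.replace('\\', '/')).normalize();
        return target.startsWith(base);
    }

    public static void main(String[] args) {
        Path dest = Paths.get("/srv/extract");   // constructed sample destination
        String[] entries = {                      // constructed sample entry names
            "docs/readme.txt",
            "../extract-other/file.txt",
            "..\\extract-other\\file.txt",
            "../../etc/example.conf",
            "/etc/example.conf"
        };
        for (String e : entries) {
            System.out.printf("%-30s weak=%-5b hardened=%b%n",
                e, weakIsInside(dest, e), isInside(dest, e));
        }
    }
}
```

On a Unix-like system the weak check accepts the second entry because the normalized target shares a string prefix with the destination, while the hardened check rejects every entry except the first.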

Added: Apr 20, 2026, 4:30 PM
Updated: Apr 20, 2026, 4:30 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 6.3
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.