Vulnerability in unrar that allows files to be overwritten when extracting an archive

A vulnerability (CVE-2022-30333) has been identified in the unrar utility. When a specially crafted archive is unpacked, it allows files outside the current directory to be overwritten, as far as the user's permissions allow. The issue is fixed in the RAR 6.12 and unrar 6.1.7 releases. The vulnerability appears in the Linux, FreeBSD and macOS versions, but does not affect the Android and Windows versions.

The problem is caused by the lack of proper checking of the "/..." sequence in file paths specified in the archive, which allows unpacking to go beyond the boundaries of the base directory. For example, by placing "../.ssh/authorized_keys" in an archive, an attacker can try to overwrite the user's "~/.ssh/authorized_keys" file during unpacking.
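The missing check described above, written as a pre-extraction audit of member names. This is an added example, not code from unrar or from the original article. The function names, the destination directory and the sample listing are constructed for illustration, and treating backslashes as separators is a conservative choice of this example.

```python
import posixpath


def resolve_member(member_name: str, dest_dir: str) -> str:
    """Lexically resolve where an archive member would land under dest_dir."""
    # Treat "\" as a separator as well: a conservative choice made by this example.
    name = member_name.replace("\\", "/")
    dest = posixpath.normpath(dest_dir)
    # posixpath.join discards dest when name is absolute, which exposes that case.
    return posixpath.normpath(posixpath.join(dest, name))


def escapes_destination(member_name: str, dest_dir: str) -> bool:
    """True if the member would be written outside dest_dir."""
    dest = posixpath.normpath(dest_dir)
    target = resolve_member(member_name, dest)
    # Compare whole path components so "/x/unpack-evil" is not taken for "/x/unpack".
    prefix = dest if dest.endswith("/") else dest + "/"
    return not (target == dest or target.startswith(prefix))


def audit_members(member_names, dest_dir):
    """Return (name, resolved_target) for every member that leaves dest_dir."""
    return [(n, resolve_member(n, dest_dir))
            for n in member_names if escapes_destination(n, dest_dir)]


# Constructed sample listing; only the second name comes from the article.
DEST = "/home/alice/unpack"
SAMPLE_MEMBERS = [
    "docs/readme.txt",
    "../.ssh/authorized_keys",
    "docs/../notes.txt",
    "..\\.ssh\\authorized_keys",
    "/etc/cron.d/job",
    "../unpack-evil/payload",
]

if __name__ == "__main__":
    for name, target in audit_members(SAMPLE_MEMBERS, DEST):
        print(f"REJECT {name!r} -> {target}")
```

The check is purely lexical: it does not follow symbolic links that already exist inside the destination directory.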

source: budenet.ru
