Vulnerability in unrar that allows overwriting files when unpacking an archive

A vulnerability (CVE-2022-30333) has been identified in the unrar utility. When unpacking a specially crafted archive, it allows files outside the current directory to be overwritten, as far as the user's permissions allow. The problem is fixed in the RAR 6.12 and unrar 6.1.7 releases. It manifests itself in the Linux, FreeBSD and macOS versions, but does not affect the Android and Windows builds.

The problem is caused by the lack of proper checking of the "/.." sequence in the file paths specified in the archive, which makes it possible to go beyond the boundaries of the base directory when unpacking. For example, by placing "../.ssh/authorized_keys" in the archive, an attacker can try to overwrite the user's "~/.ssh/authorized_keys" file during unpacking.
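
A defensive check for the traversal described above, as an added example (not unrar's code and not from the original article): it validates the entry names from an archive listing against the extraction directory before anything is written. The function names, the base directory and the sample listing are constructed for illustration, and treating backslashes as separators is an assumption of this example.

```python
import posixpath

def resolve_entry(base_dir, entry_name):
    """Return the normalized destination for an archive entry, or None
    if the entry would be written outside base_dir."""
    if not posixpath.isabs(base_dir):
        raise ValueError("base_dir must be an absolute path")
    # Assumption of this example: treat "\" as a separator too, so ".."
    # cannot be hidden behind a different separator style.
    name = entry_name.replace("\\", "/")
    if name.startswith("/"):
        return None  # absolute entry names ignore the base directory
    base = posixpath.normpath(base_dir)
    # normpath collapses "x/../.." lexically, exposing the real target.
    dest = posixpath.normpath(posixpath.join(base, name))
    # commonpath compares whole components, so "/home/user/extract2" is
    # not mistaken for a child of "/home/user/extract".
    if posixpath.commonpath([base, dest]) != base or dest == base:
        return None
    # Note: this is a lexical check only; it does not follow symlinks
    # that already exist on disk under base_dir.
    return dest

def audit_listing(base_dir, entry_names):
    """Split entry names into (safe destinations, rejected names)."""
    safe, rejected = [], []
    for name in entry_names:
        dest = resolve_entry(base_dir, name)
        if dest is None:
            rejected.append(name)
        else:
            safe.append(dest)
    return safe, rejected

# Constructed sample listing; the second entry is the article's example.
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "../.ssh/authorized_keys",
    "docs/../../.ssh/authorized_keys",
    "docs/../notes.txt",
    "/etc/cron.d/job",
    "..\\.ssh\\authorized_keys",
]

if __name__ == "__main__":
    safe, rejected = audit_listing("/home/user/extract", SAMPLE_ENTRIES)
    print("safe:", safe)
    print("rejected:", rejected)
```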

Source: opennet.ru
