RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report
https://www.rarlab.com/rar_add.htm
https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz
https://security.gentoo.org/glsa/202309-04
https://lists.debian.org/debian-lts-announce/2023/08/msg00022.html