PT-2018-3324 · Gnome+6 · File Roller+6

Warsocket

Published

2018-03-14

Updated

2020-11-04

CVE-2019-16680

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: GNOME file-roller versions prior to 3.29.91

Description: The issue allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction. This is related to the sanitize filename function in src/glib-utils.c, which has an insufficient mechanism for limiting the path name to a directory with restricted access. Exploitation of this issue may allow a remote attacker to cause a denial of service through a specially crafted tar archive.

Recommendations: For versions prior to 3.29.91, update to version 3.29.91 or later to resolve the issue. As a temporary workaround, consider restricting the use of the sanitize filename function or avoiding the extraction of tar archives from untrusted sources until a patch is available.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

ALT-PU-2018-2311

BDU:2019-04774

CESA-2020_4820

CVE-2019-16680

DLA-1938-1

DSA-4537-1

OPENSUSE-SU-2020:0825-1

OPENSUSE-SU-2020_0825-1

RHSA-2020:4820

RHSA-2020_4820

RLSA-2020:4820

SUSE-SU-2020:1088-1

SUSE-SU-2020:1557-1

SUSE-SU-2020_1088-1

SUSE-SU-2020_1557-1

USN-4139-1

Affected Products

Alt Linux

Centos

Red Hat

Rocky Linux

Suse

Ubuntu

File Roller

PT-2018-3324 · Gnome+6 · File Roller+6

CVE-2019-16680

Weakness Enumeration

Related Identifiers

Affected Products

References · 52