PT-2020-5640 · Gnome+7 · File Roller+7

Published

2020-04-13

Updated

2024-06-15

CVE-2020-11736

CVSS v3.1

3.9

Low

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions File Roller versions 3.36.1 and earlier

Description The issue allows Directory Traversal during extraction due to a lack of check on whether a file's parent is a symlink to a directory outside of the intended extraction location. This is caused by an incorrect restriction of the path name to a directory with limited access in the fr-archive-libarchive.c component. Exploitation of this issue may allow an attacker to impact the integrity and availability of protected information.

Recommendations For File Roller versions 3.36.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Link Following

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59CWE-22

Related Identifiers

ALSA-2021:4179

ALT-PU-2020-1779

BDU:2021-01340

CESA-2020_4820

CVE-2020-11736

DLA-2180-1

MGASA-2020-0218

OESA-2021-1305

OPENSUSE-SU-2020:0825-1

OPENSUSE-SU-2020_0825-1

OPENSUSE-SU-2024:10756-1

RHSA-2020:4820

RHSA-2020_4820

RLSA-2020:4820

SUSE-SU-2020:1505-1

SUSE-SU-2020:1557-1

SUSE-SU-2020_1505-1

SUSE-SU-2020_1557-1

USN-4332-1

USN-4332-2

Affected Products

Alt Linux

Centos

File Roller

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2020-5640 · Gnome+7 · File Roller+7

CVE-2020-11736

Weakness Enumeration

Related Identifiers

Affected Products

References · 46