CVE-2019-16680

Published: 21/09/2019 Updated: 20/12/2019
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists in GNOME file-roller prior to 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

Vulnerable Product

gnome file-roller

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

debian debian linux 8.0

debian debian linux 9.0

redhat enterprise linux 7.0

redhat enterprise linux 8.0

Vendor Advisories

Synopsis: Moderate: file-roller security update. Type/Severity: Security Advisory: Moderate. Topic: An update for file-roller is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
File Roller could be made to overwrite sensitive files if it received a specially crafted TAR file ...
It was discovered that file-roller, an archive manager for GNOME, does not properly handle the extraction of archives with a single ./../ in a file path. An attacker able to provide a specially crafted archive for processing can take advantage of this flaw to overwrite files if a user is dragging a specific file or map to a location to extract to ...