CVE-2020-11736

Published: 13/04/2020 Updated: 27/04/2022
CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4
CVSS v3 Base Score: 3.9 | Impact Score: 2.5 | Exploitability Score: 1.3
VMScore: 294
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

fr-archive-libarchive.c in GNOME file-roller up to and including 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

Vulnerable Product

gnome file-roller

debian debian linux 8.0

canonical ubuntu linux 18.04

canonical ubuntu linux 19.10

canonical ubuntu linux 20.04

canonical ubuntu linux 16.04

Vendor Advisories

Synopsis: Moderate: file-roller security update. Type/Severity: Security Advisory: Moderate. Topic: An update for file-roller is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Debian Bug report logs - #956638 file-roller: CVE-2020-11736: do not follow external links when extracting files. Package: src:file-roller; Maintainer for src:file-roller is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 13 Apr ...
File Roller could be made to expose sensitive information ...
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location ...