Published: 17/03/2021 Updated: 07/11/2023

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

autoar-extractor.c in GNOME gnome-autoar prior to 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome gnome-autoar
fedoraproject fedora 34

Debian Bug report logs - #985391 gnome-autoar: CVE-2021-28650 Package: src:gnome-autoar; Maintainer for src:gnome-autoar is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 17 Mar 2021 08:39:01 UTC Severity: important Tags: secu ...

No description is available for this CVE ...

autoar-extractorc in GNOME gnome-autoar before 031, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations NOTE: this issue exists because of an incomplete fix for CVE-2020-36241 ...

CWE-59 https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/8109c368c6cfdb593faaf698c2bf5da32bb1ace4 https://security.gentoo.org/glsa/202105-10 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BN5TVQ7OHZEGY6AGFLAZWCVCI53RYNHQ/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985391 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2021-28650

CVE-2021-28650

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect