CVE-2020-11736
Publication date 13 April 2020
Last updated 24 July 2024
Ubuntu priority
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| file-roller | 20.04 LTS focal |
Fixed 3.36.1-1ubuntu0.1
|
| 18.04 LTS bionic |
Fixed 3.28.0-1ubuntu1.2
|
|
| 16.04 LTS xenial |
Fixed 3.16.5-0ubuntu1.4
|
|
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
3.9 · Low
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L |
References
Related Ubuntu Security Notices (USN)
- USN-4332-1
- File Roller vulnerability
- 20 April 2020
- USN-4332-2
- File Roller vulnerability
- 27 April 2020