Vulnerability Description
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | File-Roller | <= 3.36.1 |
| Debian | Debian Linux | 8.0 |
| Canonical | Ubuntu Linux | 16.04 |
Related Weaknesses (CWE)
References
- https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/04/msg00013.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/202009-06Third Party Advisory
- https://usn.ubuntu.com/4332-1/Third Party Advisory
- https://usn.ubuntu.com/4332-2/Third Party Advisory
- https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2020/04/msg00013.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/202009-06Third Party Advisory
- https://usn.ubuntu.com/4332-1/Third Party Advisory
- https://usn.ubuntu.com/4332-2/Third Party Advisory
FAQ
What is CVE-2020-11736?
CVE-2020-11736 is a vulnerability with a CVSS score of 3.9 (LOW). fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the ...
How severe is CVE-2020-11736?
CVE-2020-11736 has been rated LOW with a CVSS base score of 3.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11736?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome File-Roller, Debian Debian Linux, Canonical Ubuntu Linux.