CVE-2020-36314
Publication date 7 April 2021
Last updated 24 July 2024
Ubuntu priority
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| file-roller | ||
| 20.04 LTS focal |
Fixed 3.36.3-0ubuntu1.1
|
|
| 18.04 LTS bionic |
Fixed 3.28.0-1ubuntu1.3
|
|
| 16.04 LTS xenial |
Fixed 3.16.5-0ubuntu1.5
|
|
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
3.9 · Low
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | Low |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L |
References
Related Ubuntu Security Notices (USN)
- USN-4927-1
- File Roller vulnerability
- 26 April 2021