CVE-2020-11736
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-11736
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11736.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-11736
- Downstream
- Related
- Published
- 2020-04-13T19:15:11.127Z
- Modified
- 2025-11-22T11:03:36.272958Z
- Severity
-
- 3.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
- References
Affected packages
Git / github.com/gnome/file-roller
Git / gitlab.gnome.org/GNOME/file-roller
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.gnome.org/GNOME/file-roller
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
3.*
3.0.1
3.0.2
3.1.1
3.1.2
3.1.90
3.1.91
3.1.92
3.10.0
3.10.1
3.11.1
3.11.2
3.11.3
3.11.4
3.11.5
3.11.90
3.11.91
3.11.92
3.12.0
3.12.1
3.13.1
3.13.2
3.13.91
3.13.92
3.14.0
3.14.1
3.15.1
3.15.2
3.15.90
3.15.91
3.15.92
3.16.0
3.16.1
3.16.2
3.16.3
3.16.4
3.19.1
3.19.90
3.19.91
3.2.0
3.2.1
3.20.0
3.20.1
3.20.2
3.21.90
3.21.91
3.22.0
3.22.1
3.22.2
3.22.3
3.23.91
3.23.92
3.24.0
3.24.1
3.25.1
3.25.91
3.26.0
3.26.1
3.27.1
3.27.90
3.27.91
3.28.0
3.29.1
3.29.90
3.29.91
3.3.1
3.3.2
3.3.3
3.3.90
3.3.91
3.3.92
3.30.0
3.30.1
3.31.1
3.31.2
3.31.90
3.31.91
3.31.92
3.32.0
3.32.1
3.32.2
3.35.1
3.35.90
3.35.91
3.35.92
3.36.0
3.36.1
3.4.0
3.4.1
3.4.2
3.5.1
3.5.2
3.5.3
3.5.4
3.5.90
3.5.91
3.5.92
3.6.0
3.6.1
3.6.1.1
3.6.2
3.7.1
3.7.2
3.7.3
3.7.90
3.7.91
3.7.92
3.8.0
3.8.1
3.9.1
3.9.2
3.9.3
3.9.4
3.9.90
3.9.91
3.9.92
Other
FILE_ROLLER_2_13_2
FILE_ROLLER_2_13_4
FILE_ROLLER_2_13_90
FILE_ROLLER_2_13_91
FILE_ROLLER_2_13_92
FILE_ROLLER_2_14_0
FILE_ROLLER_2_14_1
FILE_ROLLER_2_14_2
FILE_ROLLER_2_14_3
FILE_ROLLER_2_15_1
FILE_ROLLER_2_15_90
FILE_ROLLER_2_15_91
FILE_ROLLER_2_15_92
FILE_ROLLER_2_15_93
FILE_ROLLER_2_16_0
FILE_ROLLER_2_16_1
FILE_ROLLER_2_17_1
FILE_ROLLER_2_17_2
FILE_ROLLER_2_17_3
FILE_ROLLER_2_17_4
FILE_ROLLER_2_17_5
FILE_ROLLER_2_17_90
FILE_ROLLER_2_17_91
FILE_ROLLER_2_17_92
FILE_ROLLER_2_18_0
FILE_ROLLER_2_19_1
FILE_ROLLER_2_19_2
FILE_ROLLER_2_19_3
FILE_ROLLER_2_19_4
FILE_ROLLER_2_19_90
FILE_ROLLER_2_19_91
FILE_ROLLER_2_19_92
FILE_ROLLER_2_20_0
FILE_ROLLER_2_20_1
FILE_ROLLER_2_20_2
FILE_ROLLER_2_21_1
FILE_ROLLER_2_21_2
FILE_ROLLER_2_21_91
FILE_ROLLER_2_21_92
FILE_ROLLER_2_22_0
FILE_ROLLER_2_23_1
FILE_ROLLER_2_23_2
FILE_ROLLER_2_23_3
FILE_ROLLER_2_23_4
FILE_ROLLER_2_23_5
FILE_ROLLER_2_23_6
FILE_ROLLER_2_23_91
FILE_ROLLER_2_23_92
FILE_ROLLER_2_24_0
FILE_ROLLER_2_24_1
FILE_ROLLER_2_24_2
FILE_ROLLER_2_25_1
FILE_ROLLER_2_25_2
FILE_ROLLER_2_25_90
FILE_ROLLER_2_25_91
FILE_ROLLER_2_25_92
FILE_ROLLER_2_26_0
FILE_ROLLER_2_26_1
FILE_ROLLER_2_27_1
FILE_ROLLER_2_27_2
FILE_ROLLER_2_27_3
FILE_ROLLER_2_27_90
FILE_ROLLER_2_27_91
FILE_ROLLER_2_27_92
FILE_ROLLER_2_28_0
FILE_ROLLER_2_28_1
FILE_ROLLER_2_29_1
FILE_ROLLER_2_29_2
FILE_ROLLER_2_29_3
FILE_ROLLER_2_29_4
FILE_ROLLER_2_29_5
FILE_ROLLER_2_29_90
FILE_ROLLER_2_29_91
FILE_ROLLER_2_29_92
FILE_ROLLER_2_30_0
FILE_ROLLER_2_30_1
FILE_ROLLER_2_30_1_1
FILE_ROLLER_2_31_1
FILE_ROLLER_2_31_2
FILE_ROLLER_2_31_3
FILE_ROLLER_2_31_4
FILE_ROLLER_2_31_5
FILE_ROLLER_2_31_90
FILE_ROLLER_2_31_91
FILE_ROLLER_2_31_92
FILE_ROLLER_2_32_0
FILE_ROLLER_2_4_0_1
FILE_ROLLER_2_91_0
FILE_ROLLER_2_91_1
FILE_ROLLER_2_91_2
FILE_ROLLER_2_91_3
FILE_ROLLER_2_91_4
FILE_ROLLER_2_91_5
FILE_ROLLER_2_91_6
FILE_ROLLER_2_91_90
FILE_ROLLER_2_91_91
FILE_ROLLER_2_91_92
FILE_ROLLER_2_91_93
FILE_ROLLER_3_0_0
start
Database specific
vanir_signatures
[
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"95385917723954952152686545935893094378",
"97105830784155770464566615438635742643",
"306632737854118002414292104102373088147",
"57913424553042995627072615031115105077",
"100562731692271825183085485196907839544",
"298651497325788982640650275848978867113",
"319394264950515885534520465988877127478",
"47294577577953722963932565503162664106",
"273948702616890280881647240280589881474",
"272890392417249326463960713961549661948",
"179506783225786967226473831262843678331",
"314861120285357120543648217803876325105",
"225533952785851287494446717619576607239",
"8812003520771277943284835816947609593",
"206053551948270958591965294830818961352",
"75275916384227615079226712586050902278",
"256032366655366056021704912370287575847",
"12641414983514777817441301290634055979",
"111015415899745327204635956785598098355",
"287406378442227732099276969580333187796",
"132349299994660122083462138388699623711",
"218677691514100028481150288167962310938",
"18068216535966220537647144952895369903"
],
"threshold": 0.9
},
"source": "https://gitlab.gnome.org/GNOME/file-roller@21dfcdbfe258984db89fb65243a1a888924e45a0",
"deprecated": false,
"id": "CVE-2020-11736-155c6f95",
"signature_version": "v1",
"target": {
"file": "src/fr-archive-libarchive.c"
}
},
{
"signature_type": "Function",
"digest": {
"function_hash": "214991395152448538584064251078582305986",
"length": 5664.0
},
"source": "https://gitlab.gnome.org/GNOME/file-roller@21dfcdbfe258984db89fb65243a1a888924e45a0",
"deprecated": false,
"id": "CVE-2020-11736-8e4ca4e4",
"signature_version": "v1",
"target": {
"file": "src/fr-archive-libarchive.c",
"function": "extract_archive_thread"
}
}
]