CVE-2020-24654

Source
https://cve.org/CVERecord?id=CVE-2020-24654
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24654.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-24654
Published
2020-09-02T17:15:12.327Z
Modified
2026-04-16T04:32:58.517157552Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
[none]
Details

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

References

Affected packages

Git / github.com/kde/ark

Affected ranges

Type
GIT
Repo
https://github.com/kde/ark
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "20.08.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.04"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "18.04"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "20.04"
        }
    ]
}

Affected versions

v1.*
v1.1.0
v14.*
v14.11.80
v14.11.90
v15.*
v15.03.80
v15.03.90
v15.03.95
v15.11.80
v15.11.90
v16.*
v16.03.80
v16.03.90
v16.04.0
v18.*
v18.03.80
v18.03.90
v18.04.0
v2.*
v2.0.0
v2.1.0
v2.2.0
v20.*
v20.03.80
v20.03.90
v20.04.0
v20.07.80
v20.07.90
v20.08.0
v3.*
v3.0.0
v3.2.0
v3.3.0
v3.4.0
v3.4.0-beta1
v3.4.0-beta2
v3.4.90
v3.4.91
v3.80.2
v3.80.3
v3.90.1
v3.93
v3.94
v3.95
v3.96
v3.97
v4.*
v4.0.0
v4.0.71
v4.0.80
v4.0.83
v4.0.98
v4.1.80
v4.1.85
v4.1.96
v4.10.80
v4.10.90
v4.11.80
v4.11.90
v4.11.95
v4.11.97
v4.12.0
v4.12.80
v4.12.90
v4.13.80
v4.2.85
v4.2.90
v4.2.95
v4.3.80
v4.3.85
v4.3.90
v4.4.80
v4.4.85
v4.4.90
v4.5.80
v4.5.85
v4.5.90
v4.6.80
v4.6.90
v4.7.80
v4.7.90
v4.7.95
v4.8.80
v4.8.90
v4.8.95
v4.9.80
v4.9.90
v4.9.95
v4.9.97
v4.9.98

Database specific

vanir_signatures
[
    {
        "id": "CVE-2020-24654-6bd062c2",
        "target": {
            "file": "plugins/libarchive/libarchiveplugin.cpp"
        },
        "signature_version": "v1",
        "source": "https://github.com/kde/ark/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "digest": {
            "function_hash": "162839930763540093723269469660633470842",
            "length": 144.0
        },
        "target": {
            "function": "LibarchivePlugin::extractionFlags",
            "file": "plugins/libarchive/libarchiveplugin.cpp"
        },
        "signature_version": "v1",
        "source": "https://github.com/kde/ark/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd",
        "signature_type": "Function",
        "id": "CVE-2020-24654-9152fb74",
        "deprecated": false
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24654.json"
vanir_signatures_modified
"2026-04-11T11:23:20Z"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    }
]