CVE-2020-36314
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-36314
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36314.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-36314
- Downstream
- Related
- Published
- 2021-04-07T12:15:12Z
- Modified
- 2025-10-24T04:12:18.218852Z
- Severity
-
- 3.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.
- References
Affected packages
Git / github.com/gnome/file-roller
Git / github.com/gnome/file-roller
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.gnome.org/GNOME/file-roller
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
3.*
3.0.1
3.0.2
3.1.1
3.1.2
3.1.90
3.1.91
3.1.92
3.10.0
3.10.1
3.11.1
3.11.2
3.11.3
3.11.4
3.11.5
3.11.90
3.11.91
3.11.92
3.12.0
3.12.1
3.13.1
3.13.2
3.13.91
3.13.92
3.14.0
3.14.1
3.15.1
3.15.2
3.15.90
3.15.91
3.15.92
3.16.0
3.16.1
3.16.2
3.16.3
3.16.4
3.19.1
3.19.90
3.19.91
3.2.0
3.2.1
3.20.0
3.20.1
3.20.2
3.21.90
3.21.91
3.22.0
3.22.1
3.22.2
3.22.3
3.23.91
3.23.92
3.24.0
3.24.1
3.25.1
3.25.91
3.26.0
3.26.1
3.27.1
3.27.90
3.27.91
3.28.0
3.29.1
3.29.90
3.29.91
3.3.1
3.3.2
3.3.3
3.3.90
3.3.91
3.3.92
3.30.0
3.30.1
3.31.1
3.31.2
3.31.90
3.31.91
3.31.92
3.32.0
3.32.1
3.32.2
3.35.1
3.35.90
3.35.91
3.35.92
3.36.0
3.36.1
3.36.2
3.37.90
3.38.0
3.4.0
3.4.1
3.4.2
3.5.1
3.5.2
3.5.3
3.5.4
3.5.90
3.5.91
3.5.92
3.6.0
3.6.1
3.6.1.1
3.6.2
3.7.1
3.7.2
3.7.3
3.7.90
3.7.91
3.7.92
3.8.0
3.8.1
3.9.1
3.9.2
3.9.3
3.9.4
3.9.90
3.9.91
3.9.92
Other
FILE_ROLLER_2_13_2
FILE_ROLLER_2_13_4
FILE_ROLLER_2_13_90
FILE_ROLLER_2_13_91
FILE_ROLLER_2_13_92
FILE_ROLLER_2_14_0
FILE_ROLLER_2_14_1
FILE_ROLLER_2_14_2
FILE_ROLLER_2_14_3
FILE_ROLLER_2_15_1
FILE_ROLLER_2_15_90
FILE_ROLLER_2_15_91
FILE_ROLLER_2_15_92
FILE_ROLLER_2_15_93
FILE_ROLLER_2_16_0
FILE_ROLLER_2_16_1
FILE_ROLLER_2_17_1
FILE_ROLLER_2_17_2
FILE_ROLLER_2_17_3
FILE_ROLLER_2_17_4
FILE_ROLLER_2_17_5
FILE_ROLLER_2_17_90
FILE_ROLLER_2_17_91
FILE_ROLLER_2_17_92
FILE_ROLLER_2_18_0
FILE_ROLLER_2_19_1
FILE_ROLLER_2_19_2
FILE_ROLLER_2_19_3
FILE_ROLLER_2_19_4
FILE_ROLLER_2_19_90
FILE_ROLLER_2_19_91
FILE_ROLLER_2_19_92
FILE_ROLLER_2_20_0
FILE_ROLLER_2_20_1
FILE_ROLLER_2_20_2
FILE_ROLLER_2_21_1
FILE_ROLLER_2_21_2
FILE_ROLLER_2_21_91
FILE_ROLLER_2_21_92
FILE_ROLLER_2_22_0
FILE_ROLLER_2_23_1
FILE_ROLLER_2_23_2
FILE_ROLLER_2_23_3
FILE_ROLLER_2_23_4
FILE_ROLLER_2_23_5
FILE_ROLLER_2_23_6
FILE_ROLLER_2_23_91
FILE_ROLLER_2_23_92
FILE_ROLLER_2_24_0
FILE_ROLLER_2_24_1
FILE_ROLLER_2_24_2
FILE_ROLLER_2_25_1
FILE_ROLLER_2_25_2
FILE_ROLLER_2_25_90
FILE_ROLLER_2_25_91
FILE_ROLLER_2_25_92
FILE_ROLLER_2_26_0
FILE_ROLLER_2_26_1
FILE_ROLLER_2_27_1
FILE_ROLLER_2_27_2
FILE_ROLLER_2_27_3
FILE_ROLLER_2_27_90
FILE_ROLLER_2_27_91
FILE_ROLLER_2_27_92
FILE_ROLLER_2_28_0
FILE_ROLLER_2_28_1
FILE_ROLLER_2_29_1
FILE_ROLLER_2_29_2
FILE_ROLLER_2_29_3
FILE_ROLLER_2_29_4
FILE_ROLLER_2_29_5
FILE_ROLLER_2_29_90
FILE_ROLLER_2_29_91
FILE_ROLLER_2_29_92
FILE_ROLLER_2_30_0
FILE_ROLLER_2_30_1
FILE_ROLLER_2_30_1_1
FILE_ROLLER_2_31_1
FILE_ROLLER_2_31_2
FILE_ROLLER_2_31_3
FILE_ROLLER_2_31_4
FILE_ROLLER_2_31_5
FILE_ROLLER_2_31_90
FILE_ROLLER_2_31_91
FILE_ROLLER_2_31_92
FILE_ROLLER_2_32_0
FILE_ROLLER_2_4_0_1
FILE_ROLLER_2_91_0
FILE_ROLLER_2_91_1
FILE_ROLLER_2_91_2
FILE_ROLLER_2_91_3
FILE_ROLLER_2_91_4
FILE_ROLLER_2_91_5
FILE_ROLLER_2_91_6
FILE_ROLLER_2_91_90
FILE_ROLLER_2_91_91
FILE_ROLLER_2_91_92
FILE_ROLLER_2_91_93
FILE_ROLLER_3_0_0
start
Database specific
vanir_signatures
[
{
"id": "CVE-2020-36314-2364fd42",
"target": {
"function": "extract_archive_thread",
"file": "src/fr-archive-libarchive.c"
},
"signature_version": "v1",
"digest": {
"length": 6450.0,
"function_hash": "60808048955709512113614328805455686923"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://gitlab.gnome.org/GNOME/file-roller@e970f4966bf388f6e7c277357c8b186c645683ae"
},
{
"id": "CVE-2020-36314-3218266e",
"target": {
"function": "_g_path_is_external_to_destination",
"file": "src/fr-archive-libarchive.c"
},
"signature_version": "v1",
"digest": {
"length": 607.0,
"function_hash": "221862826492744174448882073341140660307"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://gitlab.gnome.org/GNOME/file-roller@e970f4966bf388f6e7c277357c8b186c645683ae"
},
{
"id": "CVE-2020-36314-3bdc2ee2",
"target": {
"function": "_g_file_is_external_link",
"file": "src/fr-archive-libarchive.c"
},
"signature_version": "v1",
"digest": {
"length": 574.0,
"function_hash": "225555408848509352649734333218533066612"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://gitlab.gnome.org/GNOME/file-roller@e970f4966bf388f6e7c277357c8b186c645683ae"
},
{
"id": "CVE-2020-36314-4769bcf8",
"target": {
"file": "src/fr-archive-libarchive.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"146709715939960724337984117600763767179",
"339292542750140785681510903034105870224",
"61875278375570892821098603046798246561",
"9330766702121949749193116613950402458",
"139621286019227627471182516234522632973",
"253498509519190053050280382239615365662",
"59352099754258104963826902346600857353",
"15205626340177883025994517826932947242",
"269112921522858811606359151611391841919",
"282762587831354914157114927780954489518",
"94595517170135421982233436038889957540",
"258843169712597735522550442016088699092",
"305014681621814902859561482479672603785",
"106373370379301050872180296754894752797",
"166153319792990008894491681968441981978",
"172409883153889635762808570190416317623",
"59818968609041984036945092529645845813",
"175218409851787736851333769572078405971",
"17113982375513870659640008184570272246",
"95095239404770777455759279768267648551",
"211147439344134261834870390964796942286",
"316333989518642035503790208939481328725",
"211808846282800040036471567809205776437",
"87064133438308804370849661192319995610",
"217188080634658278566619999871655327423",
"186640571692880731674236388179376812113",
"160325128240631869355286106680032159907",
"190196787794967193605227218316443864987",
"125989739605580149557292587885226939523",
"34358751167327713231375788334684889236",
"174464104724081770578147776848587067707",
"209997232111927185028180963883771771337",
"283617308596420261888664405384249959479",
"330170261065734099579408535797325582009",
"51286193091577489434886348106173399315",
"162085901981231389655052844769446399440",
"149977351005032867707416397657337136903",
"61875278375570892821098603046798246561",
"9330766702121949749193116613950402458",
"285395783860028710305179130236877206594",
"182106710661689288703119735941506535191",
"247093038411034937787456835547337124872",
"31738314008231641698851217801887981628",
"309711283108608653692582090840606050484",
"330525804751936660857897758681898188387",
"166446326209426793592442228934490187998",
"283309492847414812467451188217850024293",
"238159692836943335195463112226658417945",
"329953309676211047576268453301133120524",
"321311068558485747022267600066324895626",
"339184105175035333071544431659902864589",
"327524862563747969385012655824980711684",
"41156593881384362318774313794676142904",
"208788113200024406196378464063681708935",
"153873218480326209053260067020202982385",
"303235726141394301577409669637759581235",
"308334083766018209295213333542932706217",
"96416529238657292593388119774956125573",
"175538751908827492137131447310603896379",
"211122986791249401185149796701217349195",
"320354896816648722737588298195663991306",
"319597738784256129866939466325643336173",
"43440380073842771978682096697109832629",
"41074302152437806050277331509859900068",
"61563206650722470387135163230619936383",
"266932053986537170036898743238015296936",
"226207979753920528157978555471342888922",
"198869584461651495594300288719767699204",
"336497463834823330095709743882419554036",
"283708578454091339762301713036289880254",
"203478842179416947683365690375817902093",
"124511053327699945457999862393893920877",
"295558116060533278747699984223012980710",
"170476023375528992982554261822180028905",
"104912271197867939507078593505647767818",
"92518666592401086780939486666771672990",
"224484994291639959088328409081130961198",
"152038198070274558671006613990696813652",
"331458564215768077372960133616139681793",
"45553021009269892167052076222981899725",
"58463451515051538920586302687493629123",
"175693348568067947358319989115602115444",
"15192357812979915149219519770168361566",
"161006039304731174134311122121443195174",
"201532959395590088997840615776273212443",
"14380720067579882898163090373395488232",
"247093038411034937787456835547337124872",
"31738314008231641698851217801887981628",
"309711283108608653692582090840606050484",
"330525804751936660857897758681898188387",
"241989282876723620409227140451357862211",
"2547700575424853994325559819059689279",
"80342930890429303859239855681031515920",
"92518666592401086780939486666771672990",
"224484994291639959088328409081130961198",
"45553021009269892167052076222981899725",
"58463451515051538920586302687493629123",
"70272866685011805801234117246910269332",
"82381267178719591418649516733868065432",
"116438243239424002785498866370044178676",
"158182987833810717907407811528224842214",
"8871850198502240683468577164925797305",
"133081834029466068120005964067472447091",
"143917871285439392202171140879783940993",
"104212490712745305036860141525303761085",
"166900524688405353612781243253450318310",
"280220251396634263758167077386372050282",
"116922807588638777035506432014800070092",
"188889080150862448265302819644136723532",
"226954291462105304296779657971084332274",
"330119552645069808028021613831211373716",
"182129028155667278043158366077447801062",
"121068187868981962691750451105296784474",
"66651885385417969885348701915491119710",
"79973790705147843339350223599674721450",
"302311904733875103776792268455204124474",
"309314296294565765534731549157228893346",
"107604141983718072273420107334744061161",
"330197757295130754756991416251106594588",
"83253584824601087573820988722221943333"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"source": "https://gitlab.gnome.org/GNOME/file-roller@e970f4966bf388f6e7c277357c8b186c645683ae"
},
{
"id": "CVE-2020-36314-a8349b33",
"target": {
"function": "_symlink_is_external_to_destination",
"file": "src/fr-archive-libarchive.c"
},
"signature_version": "v1",
"digest": {
"length": 901.0,
"function_hash": "335236319665612153582736678377402884593"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://gitlab.gnome.org/GNOME/file-roller@e970f4966bf388f6e7c277357c8b186c645683ae"
}
]