CVE-2020-36314

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-36314

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36314.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-36314

Related

Published

2021-04-07T12:15:12Z

Modified

2024-11-02T00:56:27.764914Z

Severity

3.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L CVSS Calculator

Summary

[none]

Details

fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.

References

Affected packages

Debian:11 / file-roller

Package

Name: file-roller
Purl: pkg:deb/debian/file-roller?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.38.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / file-roller

Package

Name: file-roller
Purl: pkg:deb/debian/file-roller?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.38.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / file-roller

Package

Name: file-roller
Purl: pkg:deb/debian/file-roller?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.38.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gnome/file-roller

Affected ranges

Type: GIT
Repo: https://github.com/gnome/file-roller
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

25f9db9770ff5f68aeaffce2e329ef39ae47729d

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/file-roller
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e970f4966bf388f6e7c277357c8b186c645683ae

Affected versions

3.*

3.0.1

3.0.2

3.1.1

3.1.2

3.1.90

3.1.91

3.1.92

3.10.0

3.10.1

3.11.1

3.11.2

3.11.3

3.11.4

3.11.5

3.11.90

3.11.91

3.11.92

3.12.0

3.12.1

3.13.1

3.13.2

3.13.91

3.13.92

3.14.0

3.14.1

3.15.1

3.15.2

3.15.90

3.15.91

3.15.92

3.16.0

3.16.1

3.16.2

3.16.3

3.16.4

3.19.1

3.19.90

3.19.91

3.2.0

3.2.1

3.20.0

3.20.1

3.20.2

3.21.90

3.21.91

3.22.0

3.22.1

3.22.2

3.22.3

3.23.91

3.23.92

3.24.0

3.24.1

3.25.1

3.25.91

3.26.0

3.26.1

3.27.1

3.27.90

3.27.91

3.28.0

3.29.1

3.29.90

3.29.91

3.3.1

3.3.2

3.3.3

3.3.90

3.3.91

3.3.92

3.30.0

3.30.1

3.31.1

3.31.2

3.31.90

3.31.91

3.31.92

3.32.0

3.32.1

3.32.2

3.35.1

3.35.90

3.35.91

3.35.92

3.36.0

3.36.1

3.36.2

3.37.90

3.38.0

3.4.0

3.4.1

3.4.2

3.5.1

3.5.2

3.5.3

3.5.4

3.5.90

3.5.91

3.5.92

3.6.0

3.6.1

3.6.1.1

3.6.2

3.7.1

3.7.2

3.7.3

3.7.90

3.7.91

3.7.92

3.8.0

3.8.1

3.9.1

3.9.2

3.9.3

3.9.4

3.9.90

3.9.91

3.9.92

Other

FILE_ROLLER_2_13_2

FILE_ROLLER_2_13_4

FILE_ROLLER_2_13_90

FILE_ROLLER_2_13_91

FILE_ROLLER_2_13_92

FILE_ROLLER_2_14_0

FILE_ROLLER_2_14_1

FILE_ROLLER_2_14_2

FILE_ROLLER_2_14_3

FILE_ROLLER_2_15_1

FILE_ROLLER_2_15_90

FILE_ROLLER_2_15_91

FILE_ROLLER_2_15_92

FILE_ROLLER_2_15_93

FILE_ROLLER_2_16_0

FILE_ROLLER_2_16_1

FILE_ROLLER_2_17_1

FILE_ROLLER_2_17_2

FILE_ROLLER_2_17_3

FILE_ROLLER_2_17_4

FILE_ROLLER_2_17_5

FILE_ROLLER_2_17_90

FILE_ROLLER_2_17_91

FILE_ROLLER_2_17_92

FILE_ROLLER_2_18_0

FILE_ROLLER_2_19_1

FILE_ROLLER_2_19_2

FILE_ROLLER_2_19_3

FILE_ROLLER_2_19_4

FILE_ROLLER_2_19_90

FILE_ROLLER_2_19_91

FILE_ROLLER_2_19_92

FILE_ROLLER_2_20_0

FILE_ROLLER_2_20_1

FILE_ROLLER_2_20_2

FILE_ROLLER_2_21_1

FILE_ROLLER_2_21_2

FILE_ROLLER_2_21_91

FILE_ROLLER_2_21_92

FILE_ROLLER_2_22_0

FILE_ROLLER_2_23_1

FILE_ROLLER_2_23_2

FILE_ROLLER_2_23_3

FILE_ROLLER_2_23_4

FILE_ROLLER_2_23_5

FILE_ROLLER_2_23_6

FILE_ROLLER_2_23_91

FILE_ROLLER_2_23_92

FILE_ROLLER_2_24_0

FILE_ROLLER_2_24_1

FILE_ROLLER_2_24_2

FILE_ROLLER_2_25_1

FILE_ROLLER_2_25_2

FILE_ROLLER_2_25_90

FILE_ROLLER_2_25_91

FILE_ROLLER_2_25_92

FILE_ROLLER_2_26_0

FILE_ROLLER_2_26_1

FILE_ROLLER_2_27_1

FILE_ROLLER_2_27_2

FILE_ROLLER_2_27_3

FILE_ROLLER_2_27_90

FILE_ROLLER_2_27_91

FILE_ROLLER_2_27_92

FILE_ROLLER_2_28_0

FILE_ROLLER_2_28_1

FILE_ROLLER_2_29_1

FILE_ROLLER_2_29_2

FILE_ROLLER_2_29_3

FILE_ROLLER_2_29_4

FILE_ROLLER_2_29_5

FILE_ROLLER_2_29_90

FILE_ROLLER_2_29_91

FILE_ROLLER_2_29_92

FILE_ROLLER_2_30_0

FILE_ROLLER_2_30_1

FILE_ROLLER_2_30_1_1

FILE_ROLLER_2_31_1

FILE_ROLLER_2_31_2

FILE_ROLLER_2_31_3

FILE_ROLLER_2_31_4

FILE_ROLLER_2_31_5

FILE_ROLLER_2_31_90

FILE_ROLLER_2_31_91

FILE_ROLLER_2_31_92

FILE_ROLLER_2_32_0

FILE_ROLLER_2_4_0_1

FILE_ROLLER_2_91_0

FILE_ROLLER_2_91_1

FILE_ROLLER_2_91_2

FILE_ROLLER_2_91_3

FILE_ROLLER_2_91_4

FILE_ROLLER_2_91_5

FILE_ROLLER_2_91_6

FILE_ROLLER_2_91_90

FILE_ROLLER_2_91_91

FILE_ROLLER_2_91_92

FILE_ROLLER_2_91_93

FILE_ROLLER_3_0_0

start