Unrated severity · NVD Advisory · Published Apr 7, 2021 · Updated Aug 4, 2024
CVE-2020-36314
Description
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.
Affected products (5)
- GNOME/file-roller (source: description)
  - Range: <=3.38.0
- osv-coords, 3 versions:
  - pkg:rpm/almalinux/file-roller
  - pkg:rpm/opensuse/file-roller&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/file-roller&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
  - (no CPE) range: < 3.28.1-4.el8
  - (no CPE) range: < 3.40.0-3.2
  - (no CPE) range: < 3.20.3-15.9.1
References (3)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KJBZVCHQ4SSX2JAJZVJ5J4P3GEMXJ75/ (mitre, vendor-advisory, x_refsource_FEDORA)
- gitlab.gnome.org/GNOME/file-roller/-/commit/e970f4966bf388f6e7c277357c8b186c645683ae (mitre, x_refsource_MISC)
- gitlab.gnome.org/GNOME/file-roller/-/issues/108 (mitre, x_refsource_MISC)