CVE-2020-24654

Опубликовано: 02 сент. 2020

Источник: debian

EPSS Низкий

Описание

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ark	fixed	4:20.08.1-1		package

Примечания

https://github.com/KDE/ark/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd
https://kde.org/info/security/advisory-20200827-1.txt

EPSS

Процентиль: 74%

0.00835

Низкий

Связанные уязвимости

CVE-2020-24654

CVSS3: 3.3

ubuntu

больше 5 лет назад

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

CVE-2020-24654

CVSS3: 3.3

redhat

больше 5 лет назад

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

CVE-2020-24654

CVSS3: 3.3

nvd

больше 5 лет назад

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

openSUSE-SU-2020:1310-2

suse-cvrf

больше 5 лет назад

Security update for ark

openSUSE-SU-2020:1310-1

suse-cvrf

больше 5 лет назад

Security update for ark

EPSS

Процентиль: 74%

0.00835

Низкий