exploitDog

CVE-2020-16116

Published: 30 Jul 2020
Source: redhat
CVSS3: 3.3

Description

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.

Report

ark as shipped with Red Hat Enterprise Linux 7 prompts the user before allowing extraction into home directory, and also displays an error. Because the user must agree to perform the extraction in the home directory, Red Hat Product Security does not view this as a security vulnerability in ark as shipped with Red Hat Enterprise Linux 7.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | ark | Not affected | | |

Additional information

Status: Low
Defect: CWE-552
https://bugzilla.redhat.com/show_bug.cgi?id=1862464
ark: maliciously crafted archive can install files anywhere in the user's home directory

3.3 Low

CVSS3

Related vulnerabilities

CVSS3: 3.3
ubuntu
more than 5 years ago

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.

CVSS3: 3.3
nvd
more than 5 years ago

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.

CVSS3: 3.3
debian
more than 5 years ago

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can ...

suse-cvrf
more than 5 years ago

Security update for ark

suse-cvrf
more than 5 years ago

Security update for ark
