exploitDog

CVE-2020-24654

Published: 27 Aug 2020
Source: redhat
CVSS3: 3.3
EPSS: Low

Description

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

Mitigation

The way to mitigate this flaw is to pay attention to the contents of the archive in ark before extracting, to ensure that there are no improper symlinks, and heed the file overwrite warnings.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | ark | Fix deferred | | |

Additional information

Status: Low
Defect: CWE-59
https://bugzilla.redhat.com/show_bug.cgi?id=1880358 ark: crafted TAR archive with symlinks can install files outside the extraction directory

EPSS: 0.00835 (Low), percentile: 74%

CVSS3: 3.3 Low

Related vulnerabilities

CVSS3: 3.3
ubuntu
more than 5 years ago

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

CVSS3: 3.3
nvd
more than 5 years ago

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

CVSS3: 3.3
debian
more than 5 years ago

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can ins ...

suse-cvrf
more than 5 years ago

Security update for ark

suse-cvrf
more than 5 years ago

Security update for ark
