ALT-PU-2020-2553-1
Closed vulnerabilities
Published: 2020-08-03
BDU:2021-03629
Уязвимость функции Job::onEntry из jobs.cpp архиватора Ark, связанная с недостатками ограничения имени пути к каталогу, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
Severity: MEDIUM (4.3)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
Published: 2020-08-03
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-16116
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
Severity: LOW (3.3)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
- openSUSE-SU-2020:1183
- openSUSE-SU-2020:1183
- https://github.com/KDE/ark/commits/master
- https://github.com/KDE/ark/commits/master
- https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f
- https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f
- https://kde.org/info/security/advisory-20200730-1.txt
- https://kde.org/info/security/advisory-20200730-1.txt
- [debian-lts-announce] 20220520 [SECURITY] [DLA 3015-1] ark security update
- [debian-lts-announce] 20220520 [SECURITY] [DLA 3015-1] ark security update
- FEDORA-2020-e2fe8f0165
- FEDORA-2020-e2fe8f0165
- FEDORA-2020-cac5ae9b6e
- FEDORA-2020-cac5ae9b6e
- GLSA-202008-03
- GLSA-202008-03
- USN-4461-1
- USN-4461-1
- https://www.debian.org/security/2020/dsa-4738
- https://www.debian.org/security/2020/dsa-4738