Showing 1 - 1 of 1

CVE-2020-36241

Status Candidate

Overview

autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

Related Files

Ubuntu Security Notice USN-4733-1: Posted Feb 11, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4733-1 - Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution.; tags | advisory, remote, arbitrary, code execution; systems | linux, ubuntu; advisories | CVE-2020-36241; MD5 | 3c18fc22fd38af8603be0f826c12a53c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 94 files
malvuln 55 files
Ubuntu 51 files
Google Security Research 14 files
Erik David Martin 9 files
Apple 5 files
Tim Willis 4 files
Ismael Nava 4 files
Soham Bakore 4 files
Jeenali Kothari 4 files

File Archives

Systems

AIX (421)
Apple (1,774)
BSD (368)
Cisco (1,902)
Debian (5,945)
Fedora (1,688)
FreeBSD (1,241)
Gentoo (4,040)
HPUX (873)
iOS (284)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (39,463)
Mac OS X (673)
Mandriva (3,105)
NetBSD (255)
OpenBSD (472)
RedHat (9,691)
Slackware (941)
Solaris (1,598)
SUSE (1,444)
Ubuntu (7,138)
UNIX (8,846)
UnixWare (180)
Windows (5,815)
Other

CVE-2020-36241

Overview

Related Files

File Archive:

February 2021

Top Authors In Last 30 Days

File Tags

File Archives

Systems