Showing 1 - 3 of 3

CVE-2021-28650

Status Candidate

Overview

autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241.

Related Files

Red Hat Security Advisory 2021-4381-05: Posted Nov 10, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-4381-05 - GNOME is the default desktop environment of Red Hat Enterprise Linux. Issues addressed include buffer overflow, code execution, cross site scripting, information leakage, integer overflow, traversal, and use-after-free vulnerabilities.; tags | advisory, overflow, vulnerability, code execution, xss; systems | linux, redhat; advisories | CVE-2020-13558, CVE-2020-24870, CVE-2020-27918, CVE-2020-29623, CVE-2020-36241, CVE-2021-1765, CVE-2021-1788, CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1844, CVE-2021-1870, CVE-2021-1871, CVE-2021-21775, CVE-2021-21779, CVE-2021-21806, CVE-2021-28650, CVE-2021-30663, CVE-2021-30665, CVE-2021-30682, CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749, CVE-2021-30758, CVE-2021-30795; SHA-256 | 6b31628ab9f29a4bc05026050453104d1b307494f816a809a4f05f5a2949608c; Download | Favorite | View

Gentoo Linux Security Advisory 202105-10: Posted May 26, 2021; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202105-10 - A vulnerability has been found in GNOME Autoar that could allow a remote attacker to execute arbitrary code. Versions less than 0.3.1 are affected.; tags | advisory, remote, arbitrary; systems | linux, gentoo; advisories | CVE-2020-36241, CVE-2021-28650; SHA-256 | 22a8bb6047ca3ca807280639315ffddb8a2adadcd027577fd2722e5be0f630e2; Download | Favorite | View

Ubuntu Security Notice USN-4937-1: Posted May 6, 2021; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4937-1 - Ondrej Holy discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution.; tags | advisory, remote, arbitrary, code execution; systems | linux, ubuntu; advisories | CVE-2021-28650; SHA-256 | cef58311b5408a11773fc9837781a00d24b3ee3c980444c649299495e43b149c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2021-28650

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems