Launchpad.net

CVE 2020-24654

In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

Related bugs and status

CVE-2020-24654 (Candidate) is related to these bugs:

Bug #1893465: KDE Project Security Advisory: Ark: maliciously crafted TAR archive with symlinks can install files outside the extraction directory.

		In	Importance	Status
1893465	KDE Project Security Advisory: Ark: maliciously crafted TAR archive with symlinks can install files outside the extraction directory.	ark (Ubuntu)	Undecided	Fix Released
1893465	KDE Project Security Advisory: Ark: maliciously crafted TAR archive with symlinks can install files outside the extraction directory.	ark (Ubuntu Groovy)	Undecided	Fix Released
1893465	KDE Project Security Advisory: Ark: maliciously crafted TAR archive with symlinks can install files outside the extraction directory.	ark (Ubuntu Focal)	Undecided	Fix Released
1893465	KDE Project Security Advisory: Ark: maliciously crafted TAR archive with symlinks can install files outside the extraction directory.	ark (Ubuntu Bionic)	Undecided	Fix Released
1893465	KDE Project Security Advisory: Ark: maliciously crafted TAR archive with symlinks can install files outside the extraction directory.	ark (Ubuntu Xenial)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-24654

Related bugs and status

Related bugs

References