Launchpad.net

CVE 2020-36241

autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

Related bugs and status

CVE-2020-36241 (Candidate) is related to these bugs:

Bug #1901240: Ubuntu GNOME Path Traversal

Summary				In	Importance	Status
	1901240	Ubuntu GNOME Path Traversal		gnome-autoar (Ubuntu)	Undecided	Fix Released

Bug #1917812: extracting archives from within nautilus omits subfolders

		In	Importance	Status
1917812	extracting archives from within nautilus omits subfolders	gnome-autoar (Ubuntu)	High	Fix Released
1917812	extracting archives from within nautilus omits subfolders	gnome-autoar (Ubuntu Bionic)	Undecided	Fix Released
1917812	extracting archives from within nautilus omits subfolders	gnome-autoar (Ubuntu Focal)	Undecided	Fix Released
1917812	extracting archives from within nautilus omits subfolders	gnome-autoar (Ubuntu Hirsute)	High	Fix Released
1917812	extracting archives from within nautilus omits subfolders	gnome-autoar (Ubuntu Groovy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2020-36241

Related bugs and status

Related bugs

References