VDB
CVE-2020-16116
CVE-2020-16116
PUBLISHED
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
EPSS 0.83% · 74.9th percentile
Risk Scores
EPSS Score
0.83%
74.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | ark | 4:17.08.3-0ubuntu1, *, 0 |
| Ubuntu:20.04:LTS | ark | *, 4:19.08.1-1, 4:19.08.3-0ubuntu1 |
| Ubuntu:16.04:LTS | ark | *, 4:15.12.3-0ubuntu1.2, 4:15.12.3-0ubuntu1.1 |
Exploit Intelligence
- https://github.com/KDE/ark/commits/master (circl)
- https://www.debian.org/security/2020/dsa-4738 (circl)
- https://kde.org/info/security/advisory-20200730-1.txt (circl)
- https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f (circl)
- GLSA-202008-03 (circl)
- FEDORA-2020-cac5ae9b6e (circl)
- openSUSE-SU-2020:1183 (circl)
- FEDORA-2020-e2fe8f0165 (circl)
- USN-4461-1 (circl)
- [debian-lts-announce] 20220520 [SECURITY] [DLA 3015-1] ark security update (circl)
Timeline
- Aug 3, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 30, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-16116 third-party-advisory
- https://kde.org/info/security/advisory-20200730-1.txt third-party-advisory
- https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f third-party-advisory
- https://github.com/KDE/ark/commits/master third-party-advisory
- https://www.debian.org/security/2020/dsa-4738 third-party-advisory
- https://ubuntu.com/security/notices/USN-4461-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-16116 third-party-advisory