CVE-2020-36314

Publication date 7 April 2021

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

3.9 · Low

Score breakdown

Description

fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.

Status

Package Ubuntu Release Status
file-roller 21.04 hirsute
Fixed 3.38.1-1
20.10 groovy
Fixed 3.38.0-1ubuntu0.1
20.04 LTS focal
Fixed 3.36.3-0ubuntu1.1
18.04 LTS bionic
Fixed 3.28.0-1ubuntu1.3
16.04 LTS xenial
Fixed 3.16.5-0ubuntu1.5
14.04 LTS trusty Not in release

Severity score breakdown

CVSS version: CVSS v3.0

Base score 3.9 · Low

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

References

Related Ubuntu Security Notices (USN)

    • USN-4927-1
    • File Roller vulnerability
    • 26 April 2021

Other references

Access our resources on patching vulnerabilities