#VU32924 Path traversal in ark - CVE-2020-16116

 


Published: July 30, 2020 / Updated: August 14, 2020


Vulnerability identifier: #VU32924
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-16116
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: ark
Software vendor: KDE.org

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences within an archive. A remote attacker can create a specially crafted archive, trick the victim into extracting files from it, and overwrite arbitrary files on the system with the privileges of the current user.
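
The kind of validation whose absence is described above, as an added example (not Ark's code and not the vendor's patch): a lexical check that refuses archive entry names which are absolute or climb above the extraction directory. The function and type names are hypothetical, the sample listing is constructed, and '/' is assumed to be the only path separator.

```cpp
// Added example: lexical containment check for archive entry names (CWE-22).
// Not Ark's code or the vendor's patch; all names here are hypothetical.
#include <iostream>
#include <string>
#include <vector>

enum class EntryVerdict { Safe, EmptyName, AbsolutePath, EscapesRoot };

// Resolve the name component by component, as if joined to the extraction
// directory, and track how many levels below that directory we are.
// Lexical only: symlink entries inside an archive need a separate check.
EntryVerdict checkEntryName(const std::string& name)
{
    if (name.empty()) return EntryVerdict::EmptyName;
    if (name[0] == '/') return EntryVerdict::AbsolutePath;

    int depth = 0;
    std::string::size_type start = 0;
    while (start <= name.size()) {
        std::string::size_type end = name.find('/', start);
        if (end == std::string::npos) end = name.size();
        const std::string part = name.substr(start, end - start);
        if (part == "..") {
            if (--depth < 0) return EntryVerdict::EscapesRoot;  // climbed above root
        } else if (!part.empty() && part != ".") {
            ++depth;
        }
        start = end + 1;
    }
    return EntryVerdict::Safe;
}

// Return every entry an extractor should refuse to write.
std::vector<std::string> unsafeEntries(const std::vector<std::string>& names)
{
    std::vector<std::string> rejected;
    for (const std::string& n : names)
        if (checkEntryName(n) != EntryVerdict::Safe) rejected.push_back(n);
    return rejected;
}

int main()
{
    // Constructed archive listing, not taken from a real sample.
    const std::vector<std::string> listing = {
        "docs/readme.txt", "docs/../notes.txt", "../outside.txt",
        "a/../../outside.txt", "/tmp/absolute.txt" };
    for (const std::string& n : unsafeEntries(listing))
        std::cout << "refuse: " << n << "\n";
    return 0;
}
```

An entry such as docs/../notes.txt passes because it never leaves the extraction directory, while a/../../outside.txt is refused at the point where the depth goes negative.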


Remediation

Install updates from vendor's website.

External links