Home

CVE-2021-28650

Description

autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a files parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.175

Associated Vulnerability

VulnerabilityOS Platform
Archive integration support for GNOME (USN-4937-1) libgnome-autoar-0-0_0.2.3-1ubuntu0.3_i386.debLinux
Archive integration support for GNOME (USN-4937-1) libgnome-autoar-0-0_0.2.3-1ubuntu0.3_amd64.debLinux
Archive integration support for GNOME (USN-4937-1) libgnome-autoar-0-0_0.2.3-2ubuntu0.3_amd64.debLinux
Archive integration support for GNOME (USN-4937-1) libgnome-autoar-0-0_0.2.4-2ubuntu0.3_amd64.debLinux
Archive integration support for GNOME (USN-4937-1) libgnome-autoar-gtk-0-0_0.2.3-1ubuntu0.3_i386.debLinux
Archive integration support for GNOME (USN-4937-1) libgnome-autoar-gtk-0-0_0.2.3-1ubuntu0.3_amd64.debLinux
Archive integration support for GNOME (USN-4937-1) libgnome-autoar-gtk-0-0_0.2.3-2ubuntu0.3_amd64.debLinux
Archive integration support for GNOME (USN-4937-1) libgnome-autoar-gtk-0-0_0.2.4-2ubuntu0.3_amd64.debLinux
LibRaw update (ELSA-2021-4381) LibRaw-0.19.5-3.el8.i686.rpmLinux
LibRaw update (ELSA-2021-4381) LibRaw-0.19.5-3.el8.x86_64.rpmLinux
Accountsservice update (ELSA-2021-4381) accountsservice-0.6.55-2.el8.x86_64.rpmLinux
Accountsservice-libs update (ELSA-2021-4381) accountsservice-libs-0.6.55-2.el8.i686.rpmLinux
Accountsservice-libs update (ELSA-2021-4381) accountsservice-libs-0.6.55-2.el8.x86_64.rpmLinux
Gdm update (ELSA-2021-4381) gdm-40.0-15.el8.i686.rpmLinux
Gdm update (ELSA-2021-4381) gdm-40.0-15.el8.x86_64.rpmLinux
Gnome-autoar update (ELSA-2021-4381) gnome-autoar-0.2.3-2.el8.i686.rpmLinux
Gnome-autoar update (ELSA-2021-4381) gnome-autoar-0.2.3-2.el8.x86_64.rpmLinux
Gnome-calculator update (ELSA-2021-4381) gnome-calculator-3.28.2-2.el8.x86_64.rpmLinux
Gnome-classic-session update (ELSA-2021-4381) gnome-classic-session-3.32.1-20.el8.noarch.rpmLinux
Gnome-control-center update (ELSA-2021-4381) gnome-control-center-3.28.2-28.el8.x86_64.rpmLinux
Gnome-control-center-filesystem update (ELSA-2021-4381) gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpmLinux
Gnome-online-accounts update (ELSA-2021-4381) gnome-online-accounts-3.28.2-3.el8.i686.rpmLinux
Gnome-online-accounts update (ELSA-2021-4381) gnome-online-accounts-3.28.2-3.el8.x86_64.rpmLinux
Gnome-online-accounts-devel update (ELSA-2021-4381) gnome-online-accounts-devel-3.28.2-3.el8.i686.rpmLinux
Gnome-online-accounts-devel update (ELSA-2021-4381) gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpmLinux
Gnome-session update (ELSA-2021-4381) gnome-session-3.28.1-13.0.1.el8.x86_64.rpmLinux
Gnome-session-kiosk-session update (ELSA-2021-4381) gnome-session-kiosk-session-3.28.1-13.0.1.el8.x86_64.rpmLinux
Gnome-session-wayland-session update (ELSA-2021-4381) gnome-session-wayland-session-3.28.1-13.0.1.el8.x86_64.rpmLinux
Gnome-session-xsession update (ELSA-2021-4381) gnome-session-xsession-3.28.1-13.0.1.el8.x86_64.rpmLinux
Gnome-settings-daemon update (ELSA-2021-4381) gnome-settings-daemon-3.32.0-16.el8.x86_64.rpmLinux
Gnome-shell update (ELSA-2021-4381) gnome-shell-3.32.2-40.el8.x86_64.rpmLinux
Gnome-shell-extension-apps-menu update (ELSA-2021-4381) gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-auto-move-windows update (ELSA-2021-4381) gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-common update (ELSA-2021-4381) gnome-shell-extension-common-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-dash-to-dock update (ELSA-2021-4381) gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-desktop-icons update (ELSA-2021-4381) gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-disable-screenshield update (ELSA-2021-4381) gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-drive-menu update (ELSA-2021-4381) gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-gesture-inhibitor update (ELSA-2021-4381) gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-horizontal-workspaces update (ELSA-2021-4381) gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-launch-new-instance update (ELSA-2021-4381) gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-native-window-placement update (ELSA-2021-4381) gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-no-hot-corner update (ELSA-2021-4381) gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-panel-favorites update (ELSA-2021-4381) gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-places-menu update (ELSA-2021-4381) gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-screenshot-window-sizer update (ELSA-2021-4381) gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-systemMonitor update (ELSA-2021-4381) gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-top-icons update (ELSA-2021-4381) gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-updates-dialog update (ELSA-2021-4381) gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-user-theme update (ELSA-2021-4381) gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-window-grouper update (ELSA-2021-4381) gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-window-list update (ELSA-2021-4381) gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-windowsNavigator update (ELSA-2021-4381) gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpmLinux
Gnome-shell-extension-workspace-indicator update (ELSA-2021-4381) gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpmLinux
Gnome-software update (ELSA-2021-4381) gnome-software-3.36.1-10.el8.x86_64.rpmLinux
Gsettings-desktop-schemas update (ELSA-2021-4381) gsettings-desktop-schemas-3.32.0-6.el8.i686.rpmLinux
Gsettings-desktop-schemas update (ELSA-2021-4381) gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpmLinux
Gsettings-desktop-schemas-devel update (ELSA-2021-4381) gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpmLinux
Gsettings-desktop-schemas-devel update (ELSA-2021-4381) gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpmLinux
Gtk-update-icon-cache update (ELSA-2021-4381) gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpmLinux
Gtk3 update (ELSA-2021-4381) gtk3-3.22.30-8.el8.i686.rpmLinux
Gtk3 update (ELSA-2021-4381) gtk3-3.22.30-8.el8.x86_64.rpmLinux
Gtk3-devel update (ELSA-2021-4381) gtk3-devel-3.22.30-8.el8.i686.rpmLinux
Gtk3-devel update (ELSA-2021-4381) gtk3-devel-3.22.30-8.el8.x86_64.rpmLinux
Gtk3-immodule-xim update (ELSA-2021-4381) gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpmLinux
Mutter update (ELSA-2021-4381) mutter-3.32.2-60.el8.i686.rpmLinux
Mutter update (ELSA-2021-4381) mutter-3.32.2-60.el8.x86_64.rpmLinux
Vino update (ELSA-2021-4381) vino-3.22.0-11.el8.x86_64.rpmLinux
Webkit2gtk3 update (ELSA-2021-4381) webkit2gtk3-2.32.3-2.el8.i686.rpmLinux
Webkit2gtk3 update (ELSA-2021-4381) webkit2gtk3-2.32.3-2.el8.x86_64.rpmLinux
Webkit2gtk3-devel update (ELSA-2021-4381) webkit2gtk3-devel-2.32.3-2.el8.i686.rpmLinux
Webkit2gtk3-devel update (ELSA-2021-4381) webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpmLinux
Webkit2gtk3-jsc update (ELSA-2021-4381) webkit2gtk3-jsc-2.32.3-2.el8.i686.rpmLinux
Webkit2gtk3-jsc update (ELSA-2021-4381) webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpmLinux
Webkit2gtk3-jsc-devel update (ELSA-2021-4381) webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpmLinux
Webkit2gtk3-jsc-devel update (ELSA-2021-4381) webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update vino-3.22.0-11.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update gnome-autoar-0.2.3-2.el8.i686.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update gnome-autoar-0.2.3-2.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update gnome-calculator-3.28.2-2.el8.x86_64.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update gsettings-desktop-schemas-3.32.0-6.el8.i686.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpmLinux
Moderate: GNOME security, bug fix, and enhancement update gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpmLinux
GNOME security, bug fix, and enhancement update (RLSA-2021:4381) gnome-settings-daemon-3.32.0-16.el8_6.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234