Directory Traversal Vulnerability in KDE Ark Releases
CVE-2020-16116

3.3LOW

Key Information:

Vendor

Kde

Status
Ark
Vendor
CVE Published:
3 August 2020

What is CVE-2020-16116?

A vulnerability exists in KDE Ark, where a specially crafted archive can manipulate the extraction process, allowing malicious files to be installed outside the intended extraction directory. This issue, found in jobs.cpp, makes it possible for attackers to exploit the program's directory traversal capabilities, potentially compromising system integrity by placing files in unauthorized locations. Users are advised to update to version 20.08.0 or newer to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/KDE/ark/commits/master
x_refsource_MISC
https://www.debian.org/security/2020/dsa-4738
x_refsource_CONFIRM
https://kde.org/info/security/advisory-20200730-1.txt
x_refsource_CONFIRM

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.