Updated: 2026-02-27 00:29:23.926465
Description:
fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used by GNOME Shell and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-11736.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | LOW | 2.6 |
| CVSS Version 3.x | LOW | 3.9 |

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | file-roller | 2.28.2 | 3.9 | LOW | Ignored | | 2024-05-06 17:22:42 | Ignored due to low severity |
| CentOS 8.4 ELS | file-roller | 3.28.1 | 3.9 | LOW | Released | CLSA-2022:1643124469 | 2022-01-25 17:06:35 | |
| CentOS 8.5 ELS | file-roller | 3.28.1 | 3.9 | LOW | Not Vulnerable | | 2022-02-08 05:24:51 | Not affected: in this distribution, file-roller 3.28.1 is shipped as 3.28.1-4 (Apr 15, 2021), which ... |
| CloudLinux 6 ELS | file-roller | 2.28.2 | 3.9 | LOW | Ignored | | 2024-05-06 17:22:42 | Ignored due to low severity |
| Debian 10 ELS | file-roller | 3.30.1 | 3.9 | LOW | Ignored | | 2025-10-11 00:23:27 | Ignored due to low severity |
| Oracle Linux 6 ELS | file-roller | 2.28.2 | 3.9 | LOW | Ignored | | 2024-05-06 17:22:42 | Ignored due to low severity |
| Ubuntu 16.04 ELS | file-roller | 3.16.5 | 3.9 | LOW | Ignored | | 2021-11-02 14:03:16 | Ignored due to low severity |