CVE-2011-2725 — Path Traversal in ARK

CWE-22 — Path Traversal7 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

0.4%

top 40.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE ARK KDE SC Canonical Ubuntu Linux +1 more

Timeline

PublishedFeb 4

Latest updateMay 14

Description

Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDkde/ark2.17

▶NVDkde/kde_sc4.7.4+4

▶NVDopensuse/opensuse11.4

Also affects: Ubuntu Linux 10.04, 10.10, 11.04, 11.10

🔴Vulnerability Details

GHSA

GHSA-39q3-w6r4-xp9g: Directory traversal vulnerability in Ark 4↗2022-05-14

▶

CVEList

CVE-2011-2725: Directory traversal vulnerability in Ark 4↗2014-02-04

▶

📋Vendor Advisories

Ubuntu

KDE Utilities vulnerability↗2011-11-21

▶

Red Hat

kdeutils: Ark path traversal↗2011-07-25

▶

💬Community

Bugzilla

CVE-2011-2725 KDE Utilities Ark path traversal [fedora-all]↗2011-10-07

▶

Bugzilla

CVE-2011-2725 kdeutils: Ark path traversal↗2011-07-26

▶