CVE-2024-57966Absolute Path Traversal in ARK

CWE-36Absolute Path Traversal5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
0.0%
top 95.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
KDE ARK
Timeline
PublishedFeb 3

Description

libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:LExploitability: 1.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5kde/ark< 24.12.0
Debiankde/ark< 4:20.12.2-1+deb11u1+3

🔴Vulnerability Details

3
CVEList
CVE-2024-57966: libarchiveplugin2025-02-03
GHSA
GHSA-v9cx-qp5g-qchc: libarchiveplugin2025-02-03
OSV
CVE-2024-57966: libarchiveplugin2025-02-03

📋Vendor Advisories

1
Debian
CVE-2024-57966: ark - libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path f...2024
CVE-2024-57966 — Absolute Path Traversal in KDE ARK | cvebase