CVE-2020-36314: GNOME Archive Manager Traversal Attack

Summary: A malicious archive may be able to overwrite arbitrary files with GNOME Archive Manager

Steps to reproduce: 1- Download dirsymlink2a.tar 2- Extract it with Archive Manager

Proof of concept: 2020-11-11_18-28-38.mp4

Version: Ubuntu 20.10

Thank you,

Edited Apr 07, 2021 by Ondrej Holy