Suse
CVE-2024-57966
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.
AnalysisAI
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-36. libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive. Version information: before 24.12.0.
Affected ProductsAI
KDE ark.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same weakness CWE-36 – Absolute Path Traversal
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Low| Product | Status |
|---|---|
| SUSE Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Package Hub 15 SP6 | Fixed |
| SUSE Linux Enterprise Desktop 11 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 11 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 11 SP4 | Fixed |
| SUSE Linux Enterprise Point of Sale 11 SP3 | Fixed |
| SUSE Linux Enterprise Server 11 SP1-LTSS | Fixed |
| SUSE Linux Enterprise Server 11 SP2 | Fixed |
| SUSE Linux Enterprise Server 11 SP2-LTSS | Fixed |
| SUSE Linux Enterprise Server 11 SP3 | Fixed |
| SUSE Linux Enterprise Server 11 SP3-LTSS | Fixed |
| SUSE Linux Enterprise Server 11 SP4 | Fixed |
| SUSE Linux Enterprise Server 11 SP4 LTSS | Fixed |
| SUSE Linux Enterprise Server 11 SP4-LTSS | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today