CVE-2021-40153

Published: Aug 27, 2021Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.

Affected (7)

Products: Squashfs Tools Project: Squashfs Tools · Fedoraproject: Fedora · Debian: Debian Linux · +1 more

Show all products

Squashfs Tools Project: Squashfs Tools · Fedoraproject: Fedora · Debian: Debian Linux · Redhat: Enterprise Linux

Squashfs Tools Project

1 product

1 product

1 product

1 product

Enterprise Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Squashfs Tools Project Squashfs Tools	Version 4.5

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (16)

https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790

Source: cve@mitre.org

Third Party Advisory

https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/plougher/squashfs-tools/issues/72

Source: cve@mitre.org

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/08/msg00030.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSMRKVJMJFX3MB7D3PXJSYY3TLZROE5S/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAOZ4BKWAC4Y3U2K5MMW3S77HWWXHQDL/

Source: cve@mitre.org

https://security.gentoo.org/glsa/202305-29

Source: cve@mitre.org

https://www.debian.org/security/2021/dsa-4967

Source: cve@mitre.org

Third Party Advisory

https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/plougher/squashfs-tools/issues/72

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/08/msg00030.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSMRKVJMJFX3MB7D3PXJSYY3TLZROE5S/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAOZ4BKWAC4Y3U2K5MMW3S77HWWXHQDL/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202305-29

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2021/dsa-4967

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.