CVE-2021-41072

Published: Sep 14, 2021Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.

Affected (4)

Products: Squashfs Tools Project: Squashfs Tools · Debian: Debian Linux

Squashfs Tools Project

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Squashfs Tools Project Squashfs Tools	Version 4.5

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0
Debian Debian Linux	Version 9.0

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (10)

https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405

Source: cve@mitre.org

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202305-29

Source: cve@mitre.org

https://www.debian.org/security/2021/dsa-4987

Source: cve@mitre.org

Third Party Advisory

https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.gentoo.org/glsa/202305-29

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2021/dsa-4987

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.