CVE-2021-31566
published 2022-08-23CVE-2021-31566: An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | libarchive | < libarchive 3.5.2-1 (bookworm) | libarchive 3.5.2-1 (bookworm) |
| fedoraproject | fedora | — | — |
| libarchive | libarchive | < 3.5.2 | 3.5.2 |
| libarchive | libarchive | — | — |
| libarchive | libarchive | >= 0 < 3.4.3-2+deb11u1 | 3.4.3-2+deb11u1 |
| libarchive | libarchive | >= 0 < 3.5.2-1 | 3.5.2-1 |
| libarchive | libarchive | >= 0 < 3.5.2-1 | 3.5.2-1 |
| libarchive | libarchive | >= 0 < 3.5.2-1 | 3.5.2-1 |
| libarchive | libarchive | >= 0 < 3.4.0-2ubuntu1.1 | 3.4.0-2ubuntu1.1 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_for_ibm_z_systems | — | — |
| redhat | enterprise_linux_for_ibm_z_systems_eus | — | — |
| redhat | enterprise_linux_for_power_little_endian | — | — |
| redhat | enterprise_linux_for_power_little_endian_eus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solution | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| splunk | universal_forwarder | — | — |
| splunk | universal_forwarder | >= 8.2.0 < 8.2.12 | 8.2.12 |
| splunk | universal_forwarder | >= 9.0.0 < 9.0.6 | 9.0.6 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH