CVE-2021-40153 — Path Traversal in Squashfs-tools
Severity
8.1HIGHNVD
EPSS
0.5%
top 32.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedAug 27
Latest updateMay 24
Description
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2
Affected Packages7 packages
Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 33, 34, Enterprise Linux 7.0, 8.0
Patches
🔴Vulnerability Details
5📋Vendor Advisories
8Microsoft▶
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link ↗2021-09-14
Microsoft▶
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not valid↗2021-08-10