CVE-2021-41072Link Following in Squashfs-tools

CWE-59Link FollowingCWE-22Path Traversal10 documents7 sources
Severity
8.1HIGHNVD
EPSS
3.6%
top 12.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Squashfs-tools Project Squashfs-toolsDebian Squashfs-toolsDebian Linux+3 more
Timeline
PublishedSep 14
Latest updateMay 24

Description

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages7 packages

debiandebian/squashfs-tools< squashfs-tools 1:4.5-3 (bookworm)
Debiansquashfs-tools_project/squashfs-tools< 1:4.4-2+deb11u2+3
Ubuntusquashfs-tools_project/squashfs-tools< 1:4.3-3ubuntu2.16.04.3+esm1

Also affects: Debian Linux 10.0, 11.0, 9.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-f6m6-9fjw-69qm: squashfs_opendir in unsquash-22022-05-24
OSV
squashfs-tools vulnerabilities2021-09-15
OSV
CVE-2021-41072: squashfs_opendir in unsquash-22021-09-14

📋Vendor Advisories

6
Ubuntu
Squashfs-Tools vulnerability2021-10-13
Ubuntu
Squashfs-Tools vulnerabilities2021-09-15
Ubuntu
Squashfs-Tools vulnerability2021-09-15
Red Hat
squashfs-tools: possible Directory Traversal via symbolic link2021-09-14
Microsoft
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link 2021-09-14