Msrc Cbl2 Squashfs-Tools 4.5.1-1 On Cbl Mariner 2.0 vulnerabilities
2 known vulnerabilities affecting msrc/cbl2_squashfs-tools_4.5.1-1_on_cbl_mariner_2.0.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2021-41072HIGHCVSS 8.12021-09-14
CVE-2021-41072 [HIGH] CWE-22 squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause un
msrc
CVE-2021-40153HIGHCVSS 8.12021-08-10
CVE-2021-40153 [HIGH] CWE-22 squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not valid
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory and thus allow
msrc