First published: Fri Aug 27 2021(Updated: )
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/squashfs-tools | 1:4.3-12+deb10u2 1:4.4-2+deb11u2 1:4.5.1-1 1:4.6.1-1 | |
Squashfs-tools Project Squashfs-tools | =4.5 | |
Fedoraproject Fedora | =34 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Fedoraproject Fedora | =33 | |
redhat/squashfs-tools | <4.5 | 4.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2021-40153.
The severity of CVE-2021-40153 is high with a CVSS score of 8.1.
The software affected by CVE-2021-40153 includes Squashfs-Tools version 4.5 and Debian Linux versions 9.0 and 10.0.
CVE-2021-40153 allows writing to locations outside of the destination directory by not validating the filename for traversal.
Yes, the fix for CVE-2021-40153 is available. Please refer to the references for more information.