CVE-2021-40153: Path Traversal
First published: Fri Aug 27 2021(Updated: )
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/squashfs-tools | 1:4.3-12+deb10u2 1:4.4-2+deb11u2 1:4.5.1-1 1:4.6.1-1 | |
| Squashfs-tools Project Squashfs-tools | =4.5 | |
| Fedoraproject Fedora | =34 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Fedoraproject Fedora | =33 | |
| redhat/squashfs-tools | <4.5 | 4.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790
- https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646
- https://github.com/plougher/squashfs-tools/issues/72
- https://security-tracker.debian.org/tracker/CVE-2021-40153
- https://lists.debian.org/debian-lts-announce/2021/08/msg00030.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSMRKVJMJFX3MB7D3PXJSYY3TLZROE5S/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAOZ4BKWAC4Y3U2K5MMW3S77HWWXHQDL/
- https://security.gentoo.org/glsa/202305-29
- https://www.debian.org/security/2021/dsa-4967
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1998622
- https://access.redhat.com/errata/RHSA-2024:2396
- https://bugzilla.redhat.com/show_bug.cgi?id=1998621
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-40153.
What is the severity of CVE-2021-40153?
The severity of CVE-2021-40153 is high with a CVSS score of 8.1.
Which software is affected by CVE-2021-40153?
The software affected by CVE-2021-40153 includes Squashfs-Tools version 4.5 and Debian Linux versions 9.0 and 10.0.
How does CVE-2021-40153 exploit work?
CVE-2021-40153 allows writing to locations outside of the destination directory by not validating the filename for traversal.
Is there a fix available for CVE-2021-40153?
Yes, the fix for CVE-2021-40153 is available. Please refer to the references for more information.
- collector/security-tracker-debian
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-40153
- agent/software-canonical-lookup
- package-manager/debian
- vendor/squashfs-tools project
- canonical/squashfs-tools project squashfs-tools
- version/squashfs-tools project squashfs-tools/4.5
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- version/fedoraproject fedora/33
- package-manager/redhat