Zeyad Gouda

**Name of the Vulnerable Software and Affected Versions** snapd versions prior to 2.62 **Description** The issue is related to the improper checking of symbolic link destinations when extracting a snap. This could allow an attacker to convince a user to install a malicious snap, which in turn could cause snapd to write out the contents of the symbolic link destination into a world-readable directory. As a result, an unprivileged user could gain access to privileged information. The snap format is a squashfs file-system image that can contain symbolic links and other file types. Various file entries within the snap squashfs image, such as icons and desktop files, are directly read by snapd when it is extracted. **Recommendations** To resolve the issue, update to version 2.62 or later. As a temporary workaround, consider restricting the installation of snaps from untrusted sources to minimize the risk of exploitation. Avoid using snaps that contain symbolic links at paths that could be used to write out the contents of the symbolic link destination into a world-readable directory.

**Name of the Vulnerable Software and Affected Versions** snapd versions prior to 2.62 **Description** The issue is related to the improper checking of file types when extracting a snap. The snap format, being a squashfs file-system image, can contain non-regular files such as pipes or sockets. When snapd extracts a snap, it directly reads various file entries, including icons, from the snap squashfs image. An attacker could exploit this by convincing a user to install a malicious snap containing non-regular files at specific paths, causing snapd to block indefinitely and resulting in a denial of service. **Recommendations** For snapd versions prior to 2.62, update to version 2.62 or later to resolve the issue. As a temporary workaround, consider restricting the installation of snaps from untrusted sources to minimize the risk of exploitation.