CVE-2021-40153

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Squashfs-Tools version 4.5

Description The issue is related to the squashfs opendir function in the unsquash-1.c component of Squashfs-Tools. This function stores the filename in the directory entry, which is then used by unsquashfs to create the new file during the unsquash process. However, the filename is not validated for traversal outside of the destination directory, allowing writing to locations outside of the destination. This can be exploited by a remote attacker to compromise data integrity and cause a denial of service.

Recommendations For Squashfs-Tools version 4.5, as a temporary workaround, consider disabling the squashfs opendir function until a patch is available. Restrict access to the unsquashfs component to minimize the risk of exploitation. Avoid using the unsquashfs command with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

ALSA-2024:2396

ALSA-2024:3139

ALT-PU-2021-2899

ALT-PU-2021-2957

ALT-PU-2022-1572

ALT-PU-2022-1691

ALT-PU-2022-1719

ALT-PU-2022-1744

AZL-7463

BDU:2021-05217

CESA-2024_3139

CVE-2021-40153

DLA-2752-1

DSA-4967-1

INFSA-2024_2396

INFSA-2024_3139

MGASA-2022-0010

OESA-2021-1425

OPENSUSE-SU-2023_4591-1

OPENSUSE-SU-2024:13035-1

RHSA-2024:2396

RHSA-2024:3139

RHSA-2024_2396

RHSA-2024_3139

RLSA-2024:3139

SUSE-SU-2023:4424-1

SUSE-SU-2023:4591-1

SUSE-SU-2024:2463-1

USN-5057-1

USN-5078-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Squashfs-Tools

Suse

Ubuntu

CVE-2021-40153

Weakness Enumeration

Related Identifiers

Affected Products

References · 87