PT-2021-5004 · Unknown+9 · Archive Tar+9

Drew Webber · Published 2021-07-20 · Updated 2023-02-07 · CVE-2021-32610

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Archive Tar versions prior to 1.4.14

Description

The issue is related to incorrect link resolution before file access, potentially allowing an attacker to impact data integrity, availability, and confidentiality. It involves symlinks referring to targets outside of the extracted archive.

Recommendations

For versions prior to 1.4.14, update to version 1.4.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the Archive Tar package until a patch is applied.

Fix

Link Following

Weakness Enumeration

Related Identifiers

ALSA-2022:7628
BDU:2021-05771
CESA-2022_7628
CVE-2021-32610
DLA-2721-1
DRUPAL-CORE-2021-004
GHSA-P8Q8-JFCV-G2H2
MGASA-2021-0393
OPENSUSE-SU-2022_3198-2
OPENSUSE-SU-2024:11168-1
OPENSUSE-SU-2024:11170-1
RHSA-2022:7628
RHSA-2022_7628
RLSA-2022:7628
SUSE-SU-2022:3198-1
SUSE-SU-2022:3198-2
SUSE-SU-2022_3198-1
USN-5027-1
USN-5027-2

Affected Products

Almalinux
Archive Tar
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu