PT-2021-6390 · Unknown+10 · Libarchive+10

Mmatuska · Published 2021-12-24 · Updated 2025-11-25 · CVE-2021-23177

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

libarchive (affected versions not specified)

Description

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Link Following

Weakness Enumeration

Related Identifiers

ALSA-2022:0892
ALT-PU-2022-1454
ALT-PU-2022-1524
ALT-PU-2022-3332
BDU:2022-01463
CESA-2022_0892
CVE-2021-23177
DLA-2987-1
DLA-3202-1
JLSEC-2025-235
OESA-2022-1494
OPENSUSE-SU-2022_3306-1
OPENSUSE-SU-2022_3393-1
OPENSUSE-SU-2024:13549-1
RHSA-2022:0892
RHSA-2022_0892
RLSA-2022:0892
SUSE-SU-2022:3306-1
SUSE-SU-2022:3393-1
SUSE-SU-2022_3306-1
SUSE-SU-2022_3393-1
USN-5291-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libarchive