PT-2021-6391 · Unknown+10 · Libarchive+10

Mmatuska · Published 2021-12-24 · Updated 2025-11-25 · CVE-2021-31566

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

libarchive (affected versions not specified)

Description

The issue is related to an improper link resolution flaw that occurs when extracting an archive, potentially allowing an attacker to change modes, times, access control lists, and flags of a file outside of the archive. This could be exploited by a local attacker to gain more privileges in a system by providing a malicious archive to a victim user. The flaw is also associated with the tracking of symbolic links in the libarchive library, which could be exploited by creating a specially crafted link to a malicious file.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Link Following

Related Identifiers

ALSA-2022:0892
ALT-PU-2022-1454
ALT-PU-2022-1524
ALT-PU-2022-3332
BDU:2022-01464
CESA-2022_0892
CVE-2021-31566
DLA-2987-1
DLA-3202-1
JLSEC-2025-236
MGASA-2022-0060
OESA-2022-1494
OPENSUSE-SU-2022_3935-1
OPENSUSE-SU-2022_3936-1
OPENSUSE-SU-2024:11894-1
RHSA-2022:0892
RHSA-2022_0892
RLSA-2022:0892
SUSE-SU-2022:3935-1
SUSE-SU-2022:3936-1
SUSE-SU-2022_3935-1
SUSE-SU-2022_3936-1
USN-5291-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libarchive