MidnightBSD

Advisories for squashfs-tools_project

CVE-2021-40153 MEDIUM

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
redhat enterprise_linux 7.0
squashfs-tools_project squashfs-tools 4.5
debian debian_linux 9.0
redhat enterprise_linux 8.0
fedoraproject fedora 33
debian debian_linux 10.0
fedoraproject fedora 34
CVE-2021-41072 MEDIUM

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H 2.8 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-59,

Products Affected

Vendor Product Version
squashfs-tools_project squashfs-tools 4.5
debian debian_linux 11.0
debian debian_linux 9.0
debian debian_linux 10.0