CVE-2021-40153 - CERT CVE
ID CVE-2021-40153
Sažetak squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
Reference
CVSS
Base: 5.8
Impact: 4.9
Exploitability:8.6
Pristup
VektorSloženostAutentikacija
NETWORK MEDIUM NONE
Impact
PovjerljivostCjelovitostDostupnost
NONE PARTIAL PARTIAL
CVSS vektor AV:N/AC:M/Au:N/C:N/I:P/A:P
Zadnje važnije ažuriranje 07-11-2023 - 03:38
Objavljeno 27-08-2021 - 15:15