Vulnerability Details : CVE-2021-40153
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
Vulnerability category: Directory traversal
Products affected by CVE-2021-40153
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:a:squashfs-tools_project:squashfs-tools:4.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-40153
1.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 85 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-40153
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P |
8.6
|
4.9
|
NIST | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
2.8
|
5.2
|
NIST |
CWE ids for CVE-2021-40153
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-40153
-
https://github.com/plougher/squashfs-tools/issues/72
unsquashfs - unvalidated filepaths allow writing outside of destination · Issue #72 · plougher/squashfs-tools · GitHubExploit;Third Party Advisory
-
https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646
Unsquashfs: fix write outside destination directory exploit · plougher/squashfs-tools@79b5a55 · GitHubPatch;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2021/08/msg00030.html
[SECURITY] [DLA 2752-1] squashfs-tools security updateMailing List;Third Party Advisory
-
https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790
Error: Page not foundThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSMRKVJMJFX3MB7D3PXJSYY3TLZROE5S/
[SECURITY] Fedora 33 Update: squashfs-tools-4.5-3.20210913gite048580.fc33 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAOZ4BKWAC4Y3U2K5MMW3S77HWWXHQDL/
[SECURITY] Fedora 34 Update: squashfs-tools-4.5-2.fc34 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://www.debian.org/security/2021/dsa-4967
Debian -- Security Information -- DSA-4967-1 squashfs-toolsThird Party Advisory
-
https://security.gentoo.org/glsa/202305-29
squashfs-tools: Multiple Vulnerabilities (GLSA 202305-29) — Gentoo security
Jump to