CVE-2021-41072

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.

Published: Sep 14, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-41072
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:N/I:P/A:P

CWEs:

CWE-22
CWE-59

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
squashfs-tools_project / squashfs-tools	4.5	4.5.x
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x

https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd
https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405
https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html
https://security.gentoo.org/glsa/202305-29
https://www.debian.org/security/2021/dsa-4987

Vulnerability Database

290,206

CVE-2021-41072