Vulnerability Description
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Squashfs-Tools Project | Squashfs-Tools | 4.5 |
| Fedoraproject | Fedora | 34 |
| Debian | Debian Linux | 9.0 |
| Redhat | Enterprise Linux | 7.0 |
Related Weaknesses (CWE)
References
- https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790Third Party Advisory
- https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d3PatchThird Party Advisory
- https://github.com/plougher/squashfs-tools/issues/72ExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/08/msg00030.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202305-29
- https://www.debian.org/security/2021/dsa-4967Third Party Advisory
- https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790Third Party Advisory
- https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d3PatchThird Party Advisory
- https://github.com/plougher/squashfs-tools/issues/72ExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/08/msg00030.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202305-29
FAQ
What is CVE-2021-40153?
CVE-2021-40153 is a vulnerability with a CVSS score of 8.1 (HIGH). squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not valid...
How severe is CVE-2021-40153?
CVE-2021-40153 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-40153?
Check the references section above for vendor advisories and patch information. Affected products include: Squashfs-Tools Project Squashfs-Tools, Fedoraproject Fedora, Debian Debian Linux, Redhat Enterprise Linux.