squashfs-tools project squashfs-tools 4.5 vulnerabilities and exploits

(subscribe to this query)

5.8

CVSSv2

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs ...

Squashfs-tools Project Squashfs-tools 4.5 Debian Debian Linux 9.0 Debian Debian Linux 10.0 Debian Debian Linux 11.0

5.8

CVSSv2

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing...

Squashfs-tools Project Squashfs-tools 4.5 Fedoraproject Fedora 34 Debian Debian Linux 9.0 Debian Debian Linux 10.0 Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 8.0 Fedoraproject Fedora 33

5

CVSSv2

(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote malicious users to cause a denial of service (application crash) via a crafted input.

Squashfs Project Squashfs

4.3

CVSSv2

Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote malicious users to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.

Squashfs Project Squashfs Fedoraproject Fedora 21 Fedoraproject Fedora 22

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook