squashfs vulnerabilities and exploits
605
VMScore
CVE-2012-4024
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and previous versions allows remote malicious users to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the...
Squashfs Project Squashfs
605
VMScore
CVE-2012-4025
Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and previous versions allows remote malicious users to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.
Squashfs Project Squashfs
445
VMScore
CVE-2015-4646
(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote malicious users to cause a denial of service (application crash) via a crafted input.
Squashfs Project Squashfs
383
VMScore
CVE-2015-4645
Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote malicious users to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.
Squashfs Project Squashfs
Fedoraproject Fedora 21
Fedoraproject Fedora 22
516
VMScore
CVE-2021-41072
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs ...
Squashfs-tools Project Squashfs-tools 4.5
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
516
VMScore
CVE-2021-40153
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing...
Squashfs-tools Project Squashfs-tools 4.5
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 33
NA
CVE-2023-40481
7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote malicious users to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must v...
1 Github repository
495
VMScore
CVE-2006-5701
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.
Linux Linux Kernel 2.6.0
Linux Linux Kernel 2.6.10
Linux Linux Kernel 2.6.11.7
Linux Linux Kernel 2.6.11.8
Linux Linux Kernel 2.6.12.4
Linux Linux Kernel 2.6.12.5
Linux Linux Kernel 2.6.13.2
Linux Linux Kernel 2.6.13.3
Linux Linux Kernel 2.6.14.1
Linux Linux Kernel 2.6.14.2
Linux Linux Kernel 2.6.14.3
Linux Linux Kernel 2.6.15
Linux Linux Kernel 2.6.15.1
Linux Linux Kernel 2.6.16
Linux Linux Kernel 2.6.16.7
Linux Linux Kernel 2.6.16.9
Linux Linux Kernel 2.6.11
Linux Linux Kernel 2.6.11.11
Linux Linux Kernel 2.6.12.6
Linux Linux Kernel 2.6.12
Linux Linux Kernel 2.6.13.4
Linux Linux Kernel 2.6.13
1 EDB exploit
NA
CVE-2022-33967
squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition ...
Denx U-boot 2021.04
Denx U-boot 2022.07
Denx U-boot 2022.01
Denx U-boot 2020.10
Denx U-boot 2021.01
Denx U-boot 2022.04
890
VMScore
CVE-2019-17509
D-Link DIR-846 devices with firmware 100A35 allow remote malicious users to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/SetMasterWLanSettings...
Dlink Dir-846 Firmware 100a35