CVE-2021-41072

Published: 14/09/2021 Updated: 30/05/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote malicious users to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. (CVE-2015-4645)

(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote malicious users to cause a denial of service (application crash) via a crafted input. (CVE-2015-4646)

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. (CVE-2021-40153)

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem. (CVE-2021-41072)
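The two 2021 issues above both come down to trusting directory entry names, so the following added example (not code from squashfs-tools or from this advisory) shows a pre-extraction check that rejects a directory containing a name that leaves the destination (CVE-2021-40153) or two entries sharing one name (CVE-2021-41072). The `dir_entry` structure, the verdict enum and the function names are hypothetical, and the sample directory is constructed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical simplified entry; not the squashfs-tools structure. */
enum entry_type { ENT_FILE, ENT_DIR, ENT_SYMLINK };
struct dir_entry { const char *name; enum entry_type type; };
enum dir_verdict { DIR_NOMEM = -1, DIR_OK = 0, DIR_BAD_NAME = 1, DIR_DUPLICATE = 2 };

/* Constructed sample: a symlink and a regular file sharing one name. */
static const struct dir_entry sample_dup[] = {
    { "config", ENT_SYMLINK }, { "readme", ENT_FILE }, { "config", ENT_FILE },
};

static int cmp_entry(const void *a, const void *b)
{
    const struct dir_entry *x = *(const struct dir_entry *const *)a;
    const struct dir_entry *y = *(const struct dir_entry *const *)b;
    return strcmp(x->name, y->name);
}

/* A name must be a single path component that stays inside its directory. */
int name_is_unsafe(const char *name)
{
    return name[0] == '\0' || strcmp(name, ".") == 0 ||
           strcmp(name, "..") == 0 || strchr(name, '/') != NULL;
}

/* Validate one directory before anything is created on disk.
 * On failure *bad points at the offending name. */
enum dir_verdict check_directory(const struct dir_entry *ents, size_t n, const char **bad)
{
    const struct dir_entry **sorted;
    enum dir_verdict v = DIR_OK;
    size_t i;

    *bad = NULL;
    for (i = 0; i < n; i++)
        if (name_is_unsafe(ents[i].name)) { *bad = ents[i].name; return DIR_BAD_NAME; }
    if (n < 2) return DIR_OK;
    sorted = malloc(n * sizeof(*sorted));
    if (!sorted) return DIR_NOMEM;
    for (i = 0; i < n; i++) sorted[i] = &ents[i];
    qsort(sorted, n, sizeof(*sorted), cmp_entry);
    /* After sorting, duplicates are adjacent whatever their entry type. */
    for (i = 1; i < n && v == DIR_OK; i++)
        if (strcmp(sorted[i - 1]->name, sorted[i]->name) == 0) { *bad = sorted[i]->name; v = DIR_DUPLICATE; }
    free(sorted);
    return v;
}
```

Running the check on the whole directory before the first create means a symlink is never placed on disk for a later same-named entry to write through.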

Vulnerable Product

squashfs-tools project squashfs-tools 4.5

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Debian Bug report logs - #994262 squashfs-tools: CVE-2021-41072 Package: src:squashfs-tools; Maintainer for src:squashfs-tools is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 14 Sep 2021 20:09:04 UTC Severity: important Tags: security, upstream Found in ...

Richard Weinberger reported that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not check for duplicate filenames within a directory. An attacker can take advantage of this flaw for writing to arbitrary files to the filesystem if a malformed Squashfs image is processed. For the oldstable distribution (buste ...

Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow (CVE-2015-4645). (1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasqua ...

A directory traversal flaw was found in squashfs-tools. During extraction, a file can escape the destination directory by using a symbolic link, and a regular file with an identical name. This flaw allows a specially crafted squashfs archive to install or overwrite files outside of the destination directory ...

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows directory traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected direct ...