CVE-2021-41072

moderate-risk
Published 2021-09-14

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.

Do I need to act?

~
3.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10 High
NETWORK / LOW complexity

Affected Products (4)

Squashfs-Tools

Affected Vendors

Debian Squashfs-Tools Project

References (10)

Patch https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d...
Exploit https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405
Mailing List https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html
https://security.gentoo.org/glsa/202305-29
Third Party Advisory https://www.debian.org/security/2021/dsa-4987
Patch https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d...
Exploit https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405
Mailing List https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html
https://security.gentoo.org/glsa/202305-29
Third Party Advisory https://www.debian.org/security/2021/dsa-4987
45
/ 100
moderate-risk
Severity 28/34 · Critical
Exploitability 7/34 · Low
Exposure 10/34 · Low