Wind River Support Network

HomeDefectsLIN1021-1494
Fixed

LIN1021-1494 : Security Advisory - squashfs-tools - CVE-2021-41072

Created: Sep 14, 2021    Updated: Nov 30, 2021
Resolved Date: Nov 22, 2021
Found In Version: 10.21.20.1
Fix Version: 10.21.20.7
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.

CREATE(Triage):(User=admin) CVE-2021-41072 (https://nvd.nist.gov/vuln/detail/CVE-2021-41072)

CVEs


Live chat
Online