CVE-2021-32610
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.2 High
AI Score
Confidence
High
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
0.005 Low
EPSS
Percentile
76.7%
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
References
github.com/pear/Archive_Tar/commit/7789ebb2f34f9e4adb3a4152ad0d1548930a9755
github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f
github.com/pear/Archive_Tar/releases/tag/1.4.14
lists.debian.org/debian-lts-announce/2021/07/msg00023.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAODVMHGL5MHQWQAQTXQ7G7OE3VQZ7LS/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G5LTY6COQYNMMHQJ3QIOJHEWCKD4XDFH/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VJQQYDAOWHD6RDITDRPHFW7WY6BS3V5N/
www.drupal.org/sa-core-2021-004
Social References
More
Related
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.2 High
AI Score
Confidence
High
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
0.005 Low
EPSS
Percentile
76.7%