Lucene search

K
nvd[email protected]NVD:CVE-2021-31566
HistoryAug 23, 2022 - 4:15 p.m.

CVE-2021-31566

2022-08-2316:15:09
CWE-59
web.nvd.nist.gov
8
improper link resolution
archive extraction
privilege escalation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.2%

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.

Affected configurations

Nvd
Node
libarchivelibarchiveRange<3.5.2
Node
fedoraprojectfedoraMatch35
Node
redhatenterprise_linuxMatch8.0
OR
redhatenterprise_linux_eusMatch8.6
OR
redhatenterprise_linux_for_ibm_z_systemsMatch8.0
OR
redhatenterprise_linux_for_ibm_z_systems_eusMatch8.6
OR
redhatenterprise_linux_for_power_little_endianMatch8.0
OR
redhatenterprise_linux_for_power_little_endian_eusMatch8.6
OR
redhatenterprise_linux_server_ausMatch8.6
OR
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.6
OR
redhatenterprise_linux_server_tusMatch8.6
Node
redhatenterprise_linuxMatch8.0
OR
redhatenterprise_linux_eusMatch8.6
OR
redhatenterprise_linux_for_ibm_z_systemsMatch8.0
OR
redhatenterprise_linux_for_ibm_z_systems_eusMatch8.6
OR
redhatenterprise_linux_for_power_little_endianMatch8.0
OR
redhatenterprise_linux_for_power_little_endian_eusMatch8.6
AND
redhatcodeready_linux_builderMatch-
Node
debiandebian_linuxMatch10.0
Node
splunkuniversal_forwarderRange8.2.08.2.12
OR
splunkuniversal_forwarderRange9.0.09.0.6
OR
splunkuniversal_forwarderMatch9.1.0
VendorProductVersionCPE
libarchivelibarchive*cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
redhatenterprise_linux_eus8.6cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
redhatenterprise_linux_for_ibm_z_systems8.0cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
redhatenterprise_linux_for_ibm_z_systems_eus8.6cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
redhatenterprise_linux_for_power_little_endian8.0cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
redhatenterprise_linux_for_power_little_endian_eus8.6cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
redhatenterprise_linux_server_aus8.6cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions8.6cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
Rows per page:
1-10 of 151

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

25.2%