25 matches found
Astra Linux – Vulnerability in squashfs-tools
The squashfsopendir function in unsquash-2.c within Squashfs-Tools 4.5 enables Directory Traversal, another vulnerability distinct from CVE-2021-40153. A squashfs filesystem that includes a symbolic link, along with files under the same filename, can cause unsquashfs to first create the symbolic...
CentOS 8 : squashfs-tools (CESA-2024:3139)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:3139 advisory. - squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new...
Stack Overflow
libsquashfs.so is vulnerable to Stack Overflow Error. The vulnerability is caused by an integer overflow in function readfragmenttable4 in a file unsquash-4.c while reading a return value from SQUASHFSFRAGMENTBYTES which can be larger than maximum value of a signed int. This can lead to applicati...
SUSE CVE-2015-4645
Integer overflow in the readfragmenttable4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service application crash via a crafted input, which triggers a stack-based buffer overflow...
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
...
The vulnerability of the `squashfs_opendir` function in the `unsquash-2.c` component of the Squashfs-Tools tooling suite relates to improper definition of symbolic links before accessing files. This vulnerability allows an attacker to compromise data integrity and cause service failures.
The vulnerability of the squashfs-opendir function in the unsquash-2.c component of the Squashfs-Tools suite for creating and extracting file systems is related to an incorrect definition of symbolic links before accessing files. Exploiting this vulnerability allows a remote attacker to compromis...
EulerOS Virtualization 2.9.1 : squashfs-tools (EulerOS-SA-2021-2748)
According to the versions of the squashfs-tools package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by...
Huawei EulerOS: Security Advisory for squashfs-tools (EulerOS-SA-2021-2645)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the `squashfs_opendir` function in the `unsquash-1.c` component of the Squashfs-Tools tooling suite relates to name space limitations on directories. This vulnerability allows an attacker to compromise data integrity and cause service failures.
The vulnerability of the squashfs-opendir function in the unsquash-1.c component of the Squashfs-Tools tooling suite relates to deficiencies in pathname limitation. Exploiting this vulnerability could allow an attacker to compromise data integrity and cause service failures...
UBUNTU-CVE-2021-41072
squashfsopendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create th...
AZL-7463 CVE-2021-40153 affecting package squashfs-tools for versions less than 4.5.1-1
squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...
UBUNTU-CVE-2021-40153
squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...
(1) unsquash-1.c (2) unsquash-2.c (3) unsquash-3.c and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.
...
Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input which triggers a stack-based buffer overflow.
...
EulerOS 2.0 SP8 : squashfs-tools (EulerOS-SA-2019-2092)
According to the versions of the squashfs-tools package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Integer overflow in the readfragmenttable4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial o...
EulerOS 2.0 SP2 : squashfs-tools (EulerOS-SA-2019-1871)
According to the versions of the squashfs-tools package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Integer overflow in the readfragmenttable4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial o...
PT-2019-6144 · Unknown +9 · Squashfs-Tools +9
Name of the Vulnerable Software and Affected Versions: Squashfs-Tools version 4.5 Description: The issue is related to the squashfs opendir function in the unsquash-2.c component of Squashfs-Tools, which incorrectly handles symbolic links before accessing a file. This allows a remote attacker to...
CVE-2015-4646
1 unsquash-1.c, 2 unsquash-2.c, 3 unsquash-3.c, and 4 unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service application crash via a crafted input...
CVE-2015-4646
1 unsquash-1.c, 2 unsquash-2.c, 3 unsquash-3.c, and 4 unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service application crash via a crafted input...
UBUNTU-CVE-2015-4646
1 unsquash-1.c, 2 unsquash-2.c, 3 unsquash-3.c, and 4 unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service application crash via a crafted input...