Lucene search
K

25 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in squashfs-tools

The squashfsopendir function in unsquash-2.c within Squashfs-Tools 4.5 enables Directory Traversal, another vulnerability distinct from CVE-2021-40153. A squashfs filesystem that includes a symbolic link, along with files under the same filename, can cause unsquashfs to first create the symbolic...

8.1CVSS6.7AI score0.02296EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/05/22 12:0 a.m.40 views

CentOS 8 : squashfs-tools (CESA-2024:3139)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:3139 advisory. - squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new...

8.1CVSS6.5AI score0.025EPSS
Exploits2References3
Veracode
Veracode
added 2023/11/07 11:16 a.m.23 views

Stack Overflow

libsquashfs.so is vulnerable to Stack Overflow Error. The vulnerability is caused by an integer overflow in function readfragmenttable4 in a file unsquash-4.c while reading a return value from SQUASHFSFRAGMENTBYTES which can be larger than maximum value of a signed int. This can lead to applicati...

5.5CVSS7.3AI score0.0316EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:17 a.m.4 views

SUSE CVE-2015-4645

Integer overflow in the readfragmenttable4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service application crash via a crafted input, which triggers a stack-based buffer overflow...

5.5CVSS6.2AI score0.0316EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2022/01/20 8:0 a.m.5 views

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.

...

8.1CVSS6.7AI score0.025EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2021/12/21 12:0 a.m.4 views

The vulnerability of the `squashfs_opendir` function in the `unsquash-2.c` component of the Squashfs-Tools tooling suite relates to improper definition of symbolic links before accessing files. This vulnerability allows an attacker to compromise data integrity and cause service failures.

The vulnerability of the squashfs-opendir function in the unsquash-2.c component of the Squashfs-Tools suite for creating and extracting file systems is related to an incorrect definition of symbolic links before accessing files. Exploiting this vulnerability allows a remote attacker to compromis...

8.8CVSS6.7AI score0.02296EPSS
Exploits1References15Affected Software7
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.26 views

EulerOS Virtualization 2.9.1 : squashfs-tools (EulerOS-SA-2021-2748)

According to the versions of the squashfs-tools package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by...

8.1CVSS6.4AI score0.025EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/11/03 12:0 a.m.8 views

Huawei EulerOS: Security Advisory for squashfs-tools (EulerOS-SA-2021-2645)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS8.2AI score0.025EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2021/10/27 12:0 a.m.5 views

The vulnerability of the `squashfs_opendir` function in the `unsquash-1.c` component of the Squashfs-Tools tooling suite relates to name space limitations on directories. This vulnerability allows an attacker to compromise data integrity and cause service failures.

The vulnerability of the squashfs-opendir function in the unsquash-1.c component of the Squashfs-Tools tooling suite relates to deficiencies in pathname limitation. Exploiting this vulnerability could allow an attacker to compromise data integrity and cause service failures...

8.1CVSS6.5AI score0.025EPSS
Exploits1References15Affected Software7
OSV
OSV
added 2021/09/14 12:0 a.m.2 views

UBUNTU-CVE-2021-41072

squashfsopendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create th...

8.1CVSS6.7AI score0.02296EPSS
Exploits1References7
OSV
OSV
added 2021/08/27 3:15 p.m.7 views

AZL-7463 CVE-2021-40153 affecting package squashfs-tools for versions less than 4.5.1-1

squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...

8.1CVSS6.6AI score0.025EPSS
Exploits1References1
OSV
OSV
added 2021/08/27 3:15 p.m.4 views

UBUNTU-CVE-2021-40153

squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...

8.1CVSS6.7AI score0.025EPSS
Exploits1References8
Microsoft CVE
Microsoft CVE
added 2021/07/30 7:0 a.m.2 views

(1) unsquash-1.c (2) unsquash-2.c (3) unsquash-3.c and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.

...

7.5CVSS7AI score0.0691EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2021/07/30 12:0 a.m.4 views

Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input which triggers a stack-based buffer overflow.

...

5.5CVSS7AI score0.0316EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/09/30 12:0 a.m.21 views

EulerOS 2.0 SP8 : squashfs-tools (EulerOS-SA-2019-2092)

According to the versions of the squashfs-tools package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Integer overflow in the readfragmenttable4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial o...

7.5CVSS7AI score0.0691EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/09/17 12:0 a.m.26 views

EulerOS 2.0 SP2 : squashfs-tools (EulerOS-SA-2019-1871)

According to the versions of the squashfs-tools package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Integer overflow in the readfragmenttable4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial o...

7.5CVSS7AI score0.0691EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/09/10 12:0 a.m.3 views

PT-2019-6144 · Unknown +9 · Squashfs-Tools +9

Name of the Vulnerable Software and Affected Versions: Squashfs-Tools version 4.5 Description: The issue is related to the squashfs opendir function in the unsquash-2.c component of Squashfs-Tools, which incorrectly handles symbolic links before accessing a file. This allows a remote attacker to...

8.8CVSS6.3AI score0.0691EPSS
Exploits2References98
OSV
OSV
added 2017/04/13 5:59 p.m.9 views

CVE-2015-4646

1 unsquash-1.c, 2 unsquash-2.c, 3 unsquash-3.c, and 4 unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service application crash via a crafted input...

7.5CVSS7.3AI score
Exploits0References5
NVD
NVD
added 2017/04/13 5:59 p.m.18 views

CVE-2015-4646

1 unsquash-1.c, 2 unsquash-2.c, 3 unsquash-3.c, and 4 unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service application crash via a crafted input...

7.5CVSS7.2AI score0.0691EPSS
Exploits0References4
OSV
OSV
added 2017/04/13 5:59 p.m.3 views

UBUNTU-CVE-2015-4646

1 unsquash-1.c, 2 unsquash-2.c, 3 unsquash-3.c, and 4 unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service application crash via a crafted input...

7.5CVSS7.2AI score0.0691EPSS
Exploits0References3
Rows per page
Query Builder