62 matches found
Astra Linux - vulnerability in squashfs-tools
In Squashfs-Tools 4.5, the squashfs_opendir variable in unsquash-1.c stores the filename within the directory entry. This filename is then used by unsquashfs to create the new file during the unsquash process. The filename is not validated for traversal outside of the destination directory, allowi...
CLSA-2026-1777544697 squashfs-tools: Fix of CVE-2021-40153
CVE-2021-40153: fix write outside destination directory in unsquashfs...
EUVD-2021-27338
Malware in sbrugna...
Unity Linux 20.1070e Security Update: squashfs-tools (UTSA-2025-680652)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680652 advisory. squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the...
Unity Linux 20.1070e Security Update: squashfs-tools (UTSA-2025-680654)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680654 advisory. squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been...
EUVD-2021-28223
Malicious code in bioql PyPI...
CLSA-2025-1751888935 squashfs-tools: Fix of CVE-2021-41072
CVE-2021-41072: fix squashfs_opendir directory traversal vulnerability by restricting unsquashfs write operations...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.102001)
The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.102001 advisory. - squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability...
SUSE: Security Advisory (SUSE-SU-2023:4591-1)
The remote host is missing an update for the...
Duplicate Advisory: EVE Doesn't Protect Rootfs
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description: In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in t...
PT-2023-28892
Name of the Vulnerable Software and Affected Versions: EVE OS versions 9.0.0 and earlier. Description: The "measured boot" mechanism in EVE OS is designed to prevent a compromised device from accessing the encrypted data located in the vault. However, this mechanism does not validate the entire...
GLSA-202305-29 : squashfs-tools: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-29 squashfs-tools: Multiple Vulnerabilities - squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The...
SUSE CVE-2012-4024
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file...
SUSE CVE-2012-4025
Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow...
SUSE CVE-2021-40153
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...
SUSE CVE-2021-41072
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create th...
EulerOS Virtualization 3.0.2.2 : squashfs-tools (EulerOS-SA-2023-1294)
According to the versions of the squashfs-tools package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by...
EulerOS 2.0 SP3 : squashfs-tools (EulerOS-SA-2022-1189)
According to the versions of the squashfs-tools package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to crea...
Huawei EulerOS: Security Advisory for squashfs-tools (EulerOS-SA-2022-1096)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.6.0 : squashfs-tools (EulerOS-SA-2022-1096)
According to the versions of the squashfs-tools package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by...