2 matches found
CVE-2021-41072
CVE-2021-41072 affects squashfs-tools (unsquash-2.c and related code paths). A crafted Squashfs filesystem containing a symbolic link and subsequent content can cause unsquashfs to create/write through the link outside the destination directory, i.e., Directory Traversal. Impact is potential writ...
CVE-2021-40153
Summary: CVE-2021-40153 affects Squashfs-tools (4.5) through unsquash-1.c, with unvalidated filenames allowing writing outside the destination directory. A related issue, CVE-2021-41072, affects unsquash-2.c and enables Directory Traversal via crafted filesystem metadata. Both describe traversal ...