CVE-2021-41072
8.1 HIGHsquashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153
Published: 2021-09-14 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 8.1 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
- CWE
- CWE-22, CWE-59
Affected products
| Vendor | Product |
|---|---|
| debian | debian_linux, squashfs-tools |
| squashfs-tools_project | debian_linux, squashfs-tools |
Description
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-41072
- [Patch]https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd
- [Exploit reference]https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405
- [Other]https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html
- [Other]https://security.gentoo.org/glsa/202305-29
- [Other]https://www.debian.org/security/2021/dsa-4987
- [Patch]https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd
- [Exploit reference]https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405
- [Other]https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html
- [Other]https://security.gentoo.org/glsa/202305-29
- [Other]https://www.debian.org/security/2021/dsa-4987
Related CVEs
Same vendor
- CVE-2026-49975 — Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP ... (7.5 HIGH)
- CVE-2026-31431 — In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly r... (7.8 HIGH)
- CVE-2026-4775 — A flaw was found in the libtiff library (7.8 HIGH)
- CVE-2026-3497 — Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions (7.5 HIGH)
- CVE-2026-2219 — It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the dat... (7.5 HIGH)
Same CWE
- CVE-2026-48777 — FileBrowser Quantum is a free, self-hosted, web-based file manager
- CVE-2026-50656 — Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as ... (7.8 HIGH)
- CVE-2026-8442 — The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8 (8.1 HIGH)
- CVE-2026-49766 — Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions (9.9 CRITICAL)
- CVE-2026-49061 — Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions (7.5 HIGH)