Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-23177

Опубликовано: 23 авг. 2022
Источник: nvd
CVSS3: 7.8
EPSS Низкий

Описание

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*
Версия до 3.5.2 (исключая)
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
Конфигурация 5
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 12%
0.0004
Низкий

7.8 High

CVSS3

Дефекты

CWE-59
CWE-59

Связанные уязвимости

ubuntu логотип

CVE-2021-23177

CVSS3: 7.8
ubuntu
почти 3 года назад

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.

redhat логотип

CVE-2021-23177

CVSS3: 7.3
redhat
почти 4 года назад

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.

debian логотип

CVE-2021-23177

CVSS3: 7.8
debian
почти 3 года назад

An improper link resolution flaw while extracting an archive can lead ...

suse-cvrf логотип

SUSE-SU-2022:3393-1

suse-cvrf
больше 2 лет назад

Security update for libarchive

suse-cvrf логотип

SUSE-SU-2022:3306-1

suse-cvrf
почти 3 года назад

Security update for libarchive

EPSS

Процентиль: 12%
0.0004
Низкий

7.8 High

CVSS3

Дефекты

CWE-59
CWE-59