squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the file ...

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.

Уязвимость функции squashfs_opendir компонента unsquash-1.c набора инструментов для создания и извлечения файловых систем Squashfs Squashfs-Tools, связанная с недостатками ограничения имени пути к каталогу, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

Moderate: squashfs-tools security update

Moderate: squashfs-tools security update

ELSA-2024-3139: squashfs-tools security update (MODERATE)

ELSA-2024-2396: squashfs-tools security update (MODERATE)

Security update for squashfs

Security update for squashfs