Back to bug 1998621
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Guilherme de Almeida Suckevicz | 2021-08-27 18:20:47 UTC | Depends On | | 1998622 |
| Cedric Buissart | 2021-09-01 12:03:50 UTC | Priority | low | medium |
| Cedric Buissart | 2021-09-01 12:03:50 UTC | Severity | low | medium |
| Cedric Buissart | 2021-09-02 14:57:31 UTC | Depends On | | 2000637, 2000638 |
| Cedric Buissart | 2021-09-02 16:11:01 UTC | Depends On | | 2000656 |
| Cedric Buissart | 2021-09-02 16:44:00 UTC | Fixed In Version | | squashfs-tools 4.5 |
| Cedric Buissart | 2021-09-02 16:45:09 UTC | Comment | 0 | updated |
| Cedric Buissart | 2021-09-02 16:48:59 UTC | Doc Text | | Squashfs-tools was found to be vulnerable to an attack similar to zip-slip, where, during extraction, a file can escape the destination directory either via the '../' string to access the parent directory, or via symlinks. A specially crafted squashfs archive could use this flaw to install or overwrite files outside of the destination directory. |
| Cedric Buissart | 2021-09-02 17:04:18 UTC | Doc Text | Squashfs-tools was found to be vulnerable to an attack similar to zip-slip, where, during extraction, a file can escape the destination directory either via the '../' string to access the parent directory, or via symlinks. A specially crafted squashfs archive could use this flaw to install or overwrite files outside of the destination directory. | Squashfs-tools was found to be vulnerable to attacks similar to zip-slip : during extraction, a file can escape the destination directory either via the '../' string to access the parent directory, or via symlinks. A specially crafted squashfs archive could use this flaw to install or overwrite files outside of the destination directory. |
| RaTasha Tillery-Smith | 2021-09-22 13:44:17 UTC | Doc Text | Squashfs-tools was found to be vulnerable to attacks similar to zip-slip : during extraction, a file can escape the destination directory either via the '../' string to access the parent directory, or via symlinks. A specially crafted squashfs archive could use this flaw to install or overwrite files outside of the destination directory. | A flaw was found in Squashfs-tools, where it is vulnerable to attacks similar to zip-slip. During extraction, a file can escape the destination directory either via the '../' string to access the parent directory or via symlinks. This flaw allows a specially crafted squashfs archive to install or overwrite files outside of the destination directory. |
| Red Hat Bugzilla | 2023-07-07 08:28:53 UTC | Assignee | security-response-team | nobody |