QwikSec

Security Database

CVE

CWE

Training

CVE-2021-31566

Published: Aug 23, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.

Vendor	Product	Versions
n/a	libarchive	affected `Fixed in libarchive 3.5.2`

Weaknesses (CWE)

References

https://github.com/libarchive/libarchive/issues/1566

https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043

https://bugzilla.redhat.com/show_bug.cgi?id=2024237

https://access.redhat.com/security/cve/CVE-2021-31566

[debian-lts-announce] 20221122 [SECURITY] [DLA 3202-1] libarchive security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.