Description: squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows directory traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem crafted to contain a symbolic link and then file contents under the same filename causes unsquashfs first to create the symbolic link, pointing outside the extraction directory, and then, when writing the later entry of the same name, to follow that symbolic link and write the contents elsewhere on the host filesystem.
Source: CVE
Debian Bugs: 994262
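The sequence in the description (an earlier entry plants a symlink, a later entry of the same name is written through it) is easy to reproduce with plain POSIX calls. The program below is an added example, not code from squashfs-tools or from the Debian fix: it builds the layout in a temporary directory, shows that a naive open()/write() lands the data in the symlink's target outside the extraction tree, and shows that opening with O_CREAT|O_EXCL (plus O_NOFOLLOW) refuses to write through anything the extractor did not itself create. All path names, the payload string and the function names are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define PAYLOAD "written by the extractor\n"   /* constructed sample data */

/* Naive extractor step: open() follows whatever is at `path`. If an
 * earlier entry of the same name was a symlink, the data is written to
 * the symlink's target instead of into the extraction directory. */
static int write_entry_naive(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Hardened step: O_CREAT|O_EXCL fails with EEXIST if anything (even a
 * dangling symlink) already occupies `path`; O_NOFOLLOW is a second
 * guard. A real extractor would then unlink() the stale entry and retry
 * rather than trusting an object it did not create. */
static int write_entry_nofollow(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0)
        return -1;          /* errno tells the caller why */
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Read a small file into buf; returns bytes read or -1. */
static ssize_t slurp(const char *path, char *buf, size_t cap)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, cap - 1);
    close(fd);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return n;
}

/* Build the layout from the advisory inside a fresh temp dir:
 *   <tmp>/victim          a file "outside" the extraction directory
 *   <tmp>/extract/config  a symlink -> ../victim (the crafted entry)
 * then "extract" a file entry named extract/config both ways.
 * Returns a bitmask: bit 0 set if the naive write clobbered victim,
 * bit 1 set if the hardened write refused with EEXIST; 3 means both. */
int run_demo(void)
{
    char tmpl[256];
    const char *base = getenv("TMPDIR");
    snprintf(tmpl, sizeof tmpl, "%s/sqfsdemo.XXXXXX", base ? base : "/tmp");
    char *root = mkdtemp(tmpl);
    if (!root)
        return -1;

    char victim[512], extract[512], entry[512], buf[128];
    snprintf(victim, sizeof victim, "%s/victim", root);
    snprintf(extract, sizeof extract, "%s/extract", root);
    snprintf(entry, sizeof entry, "%s/extract/config", root);

    int result = 0;
    if (write_entry_naive(victim, "original contents\n") != 0) goto out;
    if (mkdir(extract, 0755) != 0) goto out;
    /* Crafted image, first entry: a symlink that escapes the tree. */
    if (symlink("../victim", entry) != 0) goto out;

    /* Second entry, same name: naive extraction writes through the link. */
    if (write_entry_naive(entry, PAYLOAD) == 0 &&
        slurp(victim, buf, sizeof buf) > 0 && strcmp(buf, PAYLOAD) == 0)
        result |= 1;

    /* Hardened extraction refuses because something already sits at `entry`. */
    errno = 0;
    if (write_entry_nofollow(entry, PAYLOAD) != 0 && errno == EEXIST)
        result |= 2;

out:
    unlink(entry); unlink(victim); rmdir(extract); rmdir(root);
    return result;
}

int main(void)
{
    int r = run_demo();
    printf("naive write escaped: %s, hardened write refused: %s\n",
           (r & 1) ? "yes" : "no", (r & 2) ? "yes" : "no");
    return r == 3 ? 0 : 1;
}
```

The O_EXCL check only protects the final path component; an extractor that wants the full guarantee also has to make sure no intermediate directory component was replaced by a symlink (for example by walking the tree with openat() and O_NOFOLLOW on each component, or by rejecting any pre-existing entry), which is the same class of problem at one level up.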

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package         Release              Version            Status
squashfs-tools (PTS)   stretch              1:4.3-3+deb9u1     vulnerable
squashfs-tools         stretch (security)   1:4.3-3+deb9u2     vulnerable
squashfs-tools         buster (security)    1:4.3-12+deb10u1   vulnerable
squashfs-tools         bullseye (security)  1:4.4-2+deb11u1    vulnerable
squashfs-tools         bookworm, sid        1:4.5-3            fixed

The information below is based on the following data on fixed versions.

Package   Type   Release   Fixed Version   Urgency   Origin   Debian Bugs


Fixed by:
Followup fix:
