
CVE-2021-23177

Published: 24 December 2021

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.

Notes

Author: mdeslaur
Note: intrusive backport to bionic

Priority

Low

CVSS 3 base score: 7.8

Status

Package: libarchive (Launchpad, Ubuntu, Debian)

Release | Status
bionic | Needed
focal | Released (3.4.0-2ubuntu1.1)
hirsute | Ignored (reached end-of-life)
impish | Released (3.4.3-2ubuntu0.1)
jammy | Not vulnerable (3.5.2-1)
kinetic | Not vulnerable (3.5.2-1)
trusty | Needs triage
upstream | Released (3.5.2-1)
xenial | Needs triage

Patches:
upstream: https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad (v3.5.2)