
CVE-2021-31566

Published: 24 December 2021

An improper link resolution flaw can occur while extracting an archive, leading to changes in the modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.

Notes

Author: mdeslaur
Note: intrusive backport to bionic

Priority

Low

CVSS 3 base score: 7.8

Status

Package: libarchive (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Needed
focal      Released (3.4.0-2ubuntu1.1)
hirsute    Ignored (reached end-of-life)
impish     Released (3.4.3-2ubuntu0.1)
jammy      Not vulnerable (3.5.2-1)
kinetic    Not vulnerable (3.5.2-1)
trusty     Needs triage
upstream   Released (3.5.2-1)
xenial     Needs triage

Patches:
upstream: https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 (v3.5.2)
upstream: https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b (v3.5.2)
upstream: https://github.com/libarchive/libarchive/commit/8a1bd5c18e896f0411a991240ce0d772bb02c840
upstream: https://github.com/libarchive/libarchive/commit/ede459d2ebb879f5eedb6f7abea203be0b334230