An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2021-31566 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2024237 | Issue Tracking Patch Third Party Advisory |
https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 | Patch Third Party Advisory |
https://github.com/libarchive/libarchive/issues/1566 | Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/11/msg00030.html | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
27 Mar 2024, 16:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:* |
|
First Time |
Splunk
Splunk universal Forwarder |
03 Dec 2022, 14:16
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/11/msg00030.html - Mailing List, Third Party Advisory | |
First Time |
Debian
Debian debian Linux |
|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
22 Nov 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Aug 2022, 16:09
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:* cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:* |
|
First Time |
Fedoraproject
Redhat enterprise Linux Eus Redhat enterprise Linux For Ibm Z Systems Eus Redhat codeready Linux Builder Fedoraproject fedora Redhat Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux Libarchive libarchive Redhat enterprise Linux Server Aus Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux For Power Little Endian Libarchive Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Redhat enterprise Linux Server Tus |
|
CWE | CWE-59 | |
References | (MISC) https://github.com/libarchive/libarchive/issues/1566 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2024237 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2021-31566 - Third Party Advisory | |
References | (MISC) https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 - Patch, Third Party Advisory |
23 Aug 2022, 17:04
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-23 16:15
Updated : 2024-03-27 16:04
NVD link : CVE-2021-31566
Mitre link : CVE-2021-31566
CVE.ORG link : CVE-2021-31566
JSON object : View
Products Affected
redhat
- enterprise_linux_for_ibm_z_systems
- enterprise_linux_for_power_little_endian_eus
- enterprise_linux_server_tus
- enterprise_linux_server_aus
- enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
- codeready_linux_builder
- enterprise_linux
- enterprise_linux_for_power_little_endian
- enterprise_linux_for_ibm_z_systems_eus
- enterprise_linux_eus
libarchive
- libarchive
splunk
- universal_forwarder
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')