Directory Traversal

2021-08-2909:06:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.012 Low

EPSS

Percentile

85.3%

JSON

squashfs-tools is vulnerable to directory traversal. The vulnerability exists due to the reusing of filename which is in turn not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.

CPENameOperatorVersion
squashfs-tools:sideq1:4.4-2
squashfs-tools:stretcheq1:4.3-3+deb9u1
squashfs-tools:sideq1:4.4-2
squashfs-tools:stretcheq1:4.3-3+deb9u1
squashfs-tools:edgeeq4.4-r0
squashfs-tools:edgeeq4.4-r1
squashfs-tools:3.11eq4.4-r0
squashfs-tools:3.14eq4.4-r1
squashfs-tools:3.13eq4.4-r1
squashfs-tools:3.12eq4.4-r0

Name	Operator	Version
squashfs-tools:sid	eq	1:4.4-2
squashfs-tools:stretch	eq	1:4.3-3+deb9u1
squashfs-tools:sid	eq	1:4.4-2
squashfs-tools:stretch	eq	1:4.3-3+deb9u1
squashfs-tools:edge	eq	4.4-r0
squashfs-tools:edge	eq	4.4-r1
squashfs-tools:3.11	eq	4.4-r0
squashfs-tools:3.14	eq	4.4-r1
squashfs-tools:3.13	eq	4.4-r1
squashfs-tools:3.12	eq	4.4-r0