Improper Link Resolution Flaw in libarchive Product by LibreSoftware
CVE-2021-31566

7.8HIGH

Key Information:

Vendor: Libarchive
Status: Libarchive
Vendor: CVE Published:; 23 August 2022

What is CVE-2021-31566?

The vulnerability stems from an improper link resolution issue present in the libarchive software, which can occur when a user attempts to extract files from an archive. This flaw allows a malicious actor to craft a harmful archive that, when extracted by an unsuspecting user, may lead to unauthorized changes in file modes, timestamps, access control lists, and other attributes of files located outside the archive. Consequently, a local attacker can exploit this vulnerability to escalate privileges on the system.

Affected Version(s)

libarchive Fixed in libarchive 3.5.2

References

https://github.com/libarchive/libarchive/issues/1566

https://github.com/libarchive/libarchive/commit/b41daecb5...

https://bugzilla.redhat.com/show_bug.cgi?id=2024237

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2022
Vulnerability Reserved
Dec 16, 2021

Libarchive

What is CVE-2021-31566?

Affected Version(s)

References

CVSS V3.1

Timeline