CVE-2021-23521

31.01.2022, 11:15

This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the target dir allowing writing arbitrary files on the target host. In some cases, this can allow an attacker to execute arbitrary code. The vulnerable code is in the ZipFile::uncompressEntry function in juce_ZipFile.cpp and is executed when the archive is extracted upon calling uncompressTo() on a ZipFile object.

Link Following

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
snyk	CNA	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 23%

Vendor	Product	Version
juce	juce	𝑥 < 6.1.5

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

juce

bullseye	no-dsa
buster	no-dsa
stretch	no-dsa
bookworm	7.0.5+ds-1 fixed
sid	8.0.3+ds-2 fixed
trixie	8.0.3+ds-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

juce

noble	needed
mantic	ignored
lunar	ignored
kinetic	ignored
jammy	needed
impish	ignored
focal	needed
bionic	needed
xenial	needs-triage
trusty	ignored

Known Exploits!

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

https://github.com/juce-framework/JUCE/commit/2e874e80cba0152201aff6a4d0dc407997d10a7f

https://snyk.io/vuln/SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388608

https://github.com/juce-framework/JUCE/commit/2e874e80cba0152201aff6a4d0dc407997d10a7f

https://snyk.io/vuln/SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388608