CVE-2021-23521

EUVD-2021-10488

31.01.2022, 11:15

This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the target dir allowing writing arbitrary files on the target host. In some cases, this can allow an attacker to execute arbitrary code. The vulnerable code is in the ZipFile::uncompressEntry function in juce_ZipFile.cpp and is executed when the archive is extracted upon calling uncompressTo() on a ZipFile object.

Link Following

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
snyk	CNA	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 22%

Affected Products (NVD)

Vendor	Product	Version
juce	juce	𝑥 < 6.1.5

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

juce

bookworm	7.0.5+ds-1 fixed
bullseye	no-dsa
buster	no-dsa
sid	8.0.3+ds-2 fixed
stretch	no-dsa
trixie	8.0.3+ds-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

juce

bionic	needed
focal	needed
impish	ignored
jammy	needed
kinetic	ignored
lunar	ignored
mantic	ignored
noble	needed
trusty	ignored
xenial	needs-triage

Known Exploits!

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

https://github.com/juce-framework/JUCE/commit/2e874e80cba0152201aff6a4d0dc407997d10a7f

https://snyk.io/vuln/SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388608

https://github.com/juce-framework/JUCE/commit/2e874e80cba0152201aff6a4d0dc407997d10a7f

https://snyk.io/vuln/SNYK-UNMANAGED-JUCEFRAMEWORKJUCE-2388608