CVE-2021-31566
23.08.2022, 16:15
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.
| Vendor | Product | Version |
|---|---|---|
| libarchive | libarchive | 𝑥 < 3.5.2 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.6 |
| redhat | enterprise_linux_for_power_little_endian | 8.0 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.6 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | codeready_linux_builder | - |
| debian | debian_linux | 10.0 |
| splunk | universal_forwarder | 8.2.0 ≤ 𝑥 < 8.2.12 |
| splunk | universal_forwarder | 9.0.0 ≤ 𝑥 < 9.0.6 |
| splunk | universal_forwarder | 9.1.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References