{"id":"CVE-2021-31800","details":"Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.","aliases":["GHSA-mj63-64x7-57xf","PYSEC-2021-17"],"modified":"2026-04-10T04:32:35.213625Z","published":"2021-05-05T11:15:07.397Z","related":["openSUSE-SU-2024:11232-1","openSUSE-SU-2024:14142-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPXDPWCAPVX3UWYZ3N2T5OLBSBBUHJP6/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRV2C5DATXBHG6TF6CEEX54KZ75THQS3/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UF56LYB27LHEIFJTFHU3M75NMNNK2SCG/"},{"type":"ADVISORY","url":"https://github.com/SecureAuthCorp/impacket/releases"},{"type":"ADVISORY","url":"https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2008"},{"type":"ADVISORY","url":"https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2958"},{"type":"ADVISORY","url":"https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L876"},{"type":"ADVISORY","url":"https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L3485"},{"type":"FIX","url":"https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fortra/impacket","events":[{"introduced":"0"},{"last_affected":"2438fb66cea4c6a9b4a04939e1ef9c4208d60134"},{"fixed":"49c643bf66620646884ed141c94e5fdd85bcdd2f"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.9.22"}]}}],"versions":["impacket_0_9_13","impacket_0_9_14","impacket_0_9_15","impacket_0_9_17","impacket_0_9_18","impacket_0_9_19","impacket_0_9_20","impacket_0_9_21","impacket_0_9_22"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31800.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}