{"id":"CVE-2021-40153","details":"squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.","modified":"2026-04-16T04:40:09.552434223Z","published":"2021-08-27T15:15:09.657Z","related":["ALSA-2024:2396","ALSA-2024:3139","SUSE-SU-2023:4424-1","SUSE-SU-2023:4591-1","SUSE-SU-2024:2463-1","openSUSE-SU-2024:13035-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSMRKVJMJFX3MB7D3PXJSYY3TLZROE5S/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAOZ4BKWAC4Y3U2K5MMW3S77HWWXHQDL/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/08/msg00030.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202305-29"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4967"},{"type":"ADVISORY","url":"https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790"},{"type":"FIX","url":"https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646"},{"type":"EVIDENCE","url":"https://github.com/plougher/squashfs-tools/issues/72"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/plougher/squashfs-tools","events":[{"introduced":"0"},{"last_affected":"0496d7c3de3e09da37ba492081c86159806ebb07"},{"fixed":"79b5a555058eef4e1e7ff220c344d39f8cd09646"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.5"}]}}],"versions":["3.1","3.2","3.2-r2","4.4","4.4-git.1","4.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40153.json","vanir_signatures_modified":"2026-04-11T21:23:21Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]}],"vanir_signatures":[{"source":"https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646","digest":{"line_hashes":["50828977239246341552227491787446239835","128576841512081726737754358413906834367","110043700371647694562612672828809094040"],"threshold":0.9},"deprecated":false,"id":"CVE-2021-40153-009ba15a","target":{"file":"squashfs-tools/unsquashfs.h"},"signature_version":"v1","signature_type":"Line"},{"signature_type":"Line","digest":{"line_hashes":["160501286239700629092135283669755288177","213780428136095547299888337788402941706","23619371042075555198739527988650145162","221334141776301865758225224668281721804","266758379142232307434566963428457973280"],"threshold":0.9},"target":{"file":"squashfs-tools/unsquash-2.c"},"id":"CVE-2021-40153-017e9ff3","deprecated":false,"signature_version":"v1","source":"https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646"},{"signature_type":"Function","digest":{"length":2505,"function_hash":"51293039805656847917657443662744577466"},"deprecated":false,"id":"CVE-2021-40153-1d0dd43f","target":{"function":"squashfs_opendir","file":"squashfs-tools/unsquash-4.c"},"signature_version":"v1","source":"https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646"},{"signature_type":"Function","digest":{"length":2783,"function_hash":"80923551572641589015915162064405619249"},"deprecated":false,"id":"CVE-2021-40153-2e9654ae","target":{"function":"squashfs_opendir","file":"squashfs-tools/unsquash-1.c"},"signature_version":"v1","source":"https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646"},{"signature_type":"Line","digest":{"line_hashes":["240446617043653286480198865004930916245","85036573388738113650473330562054475123","178959040955563739941298411213357854478","52757748330772165091005910095155019992"],"threshold":0.9},"target":{"file":"squashfs-tools/unsquashfs.c"},"id":"CVE-2021-40153-660bbe71","deprecated":false,"signature_version":"v1","source":"https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646"},{"signature_type":"Line","digest":{"line_hashes":["34954808733838894450630971783915405997","213780428136095547299888337788402941706","23619371042075555198739527988650145162","221334141776301865758225224668281721804","266758379142232307434566963428457973280"],"threshold":0.9},"deprecated":false,"id":"CVE-2021-40153-7ca598b0","target":{"file":"squashfs-tools/unsquash-1.c"},"signature_version":"v1","source":"https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646"},{"signature_type":"Line","digest":{"line_hashes":["197022567876957868834385391713847007419","213780428136095547299888337788402941706","23619371042075555198739527988650145162","221334141776301865758225224668281721804","266758379142232307434566963428457973280"],"threshold":0.9},"deprecated":false,"id":"CVE-2021-40153-82fdbc53","target":{"file":"squashfs-tools/unsquash-4.c"},"signature_version":"v1","source":"https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646"},{"source":"https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646","digest":{"length":2787,"function_hash":"276419838980127061434609503158908259625"},"deprecated":false,"id":"CVE-2021-40153-8898e7df","target":{"function":"squashfs_opendir","file":"squashfs-tools/unsquash-3.c"},"signature_version":"v1","signature_type":"Function"},{"signature_type":"Function","digest":{"length":2783,"function_hash":"80923551572641589015915162064405619249"},"deprecated":false,"id":"CVE-2021-40153-90eb83c8","target":{"function":"squashfs_opendir","file":"squashfs-tools/unsquash-2.c"},"signature_version":"v1","source":"https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646"},{"source":"https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646","digest":{"line_hashes":["254152677995986906383011311190010600236","213780428136095547299888337788402941706","23619371042075555198739527988650145162","221334141776301865758225224668281721804","266758379142232307434566963428457973280"],"threshold":0.9},"deprecated":false,"id":"CVE-2021-40153-d2150224","target":{"file":"squashfs-tools/unsquash-3.c"},"signature_version":"v1","signature_type":"Line"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}]}