| عنوان | GNU cramfs-tools V2.1 Improper Limitation of a Pathname to a Restricted Directory |
|---|
| الوصف | GNU cramfs-tools is a set of utilities for managing the Cramfs (Compressed ROM File System), a lightweight, read-only Linux file system optimized for space efficiency and low memory usage. It includes mkcramfs/mkfs.cramfs to create Cramfs images from directories, and cramfsck to verify integrity or extract contents.
GNU cramfs-tools before version v2.2 contains Arbitrary File Write via Crafted Directory Entry Name via cramfsck -x. This may allow an attacker who can supply a crafted cramfs image to create or overwrite files outside the caller-selected extraction directory.
This problem has been resolved in v2.2. It's suggested to upgrade cramfs-tools to the latest version. |
|---|
| المصدر | ⚠️ https://github.com/npitre/cramfs-tools/issues/12 |
|---|
| المستخدم | nich0las (UID 51709) |
|---|
| ارسال | 23/04/2026 03:44 AM (1 شهر منذ) |
|---|
| الاعتدال | 10/05/2026 05:58 PM (18 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 362571 [npitre cramfs-tools حتى 2.1 Directory cramfsck.c do_directory اجتياز الدليل] |
|---|
| النقاط | 20 |
|---|