| Titel | GNU cramfs-tools V2.1 Improper Limitation of a Pathname to a Restricted Directory |
|---|
| Beschreibung | GNU cramfs-tools is a set of utilities for managing the Cramfs (Compressed ROM File System), a lightweight, read-only Linux file system optimized for space efficiency and low memory usage. It includes mkcramfs/mkfs.cramfs to create Cramfs images from directories, and cramfsck to verify integrity or extract contents.
GNU cramfs-tools before version v2.2 contains Arbitrary File Write via Crafted Directory Entry Name via cramfsck -x. This may allow an attacker who can supply a crafted cramfs image to create or overwrite files outside the caller-selected extraction directory.
This problem has been resolved in v2.2. It's suggested to upgrade cramfs-tools to the latest version. |
|---|
| Quelle | ⚠️ https://github.com/npitre/cramfs-tools/issues/12 |
|---|
| Benutzer | nich0las (UID 51709) |
|---|
| Einreichung | 23.04.2026 03:44 (vor 1 Monat) |
|---|
| Moderieren | 10.05.2026 17:58 (18 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 362571 [npitre cramfs-tools bis 2.1 Directory cramfsck.c do_directory Directory Traversal] |
|---|
| Punkte | 20 |
|---|