Soumettre #810864: GNU cramfs-tools V2.1 Improper Limitation of a Pathname to a Restricted Directoryinformation

TitreGNU cramfs-tools V2.1 Improper Limitation of a Pathname to a Restricted Directory
DescriptionGNU cramfs-tools is a set of utilities for managing the Cramfs (Compressed ROM File System), a lightweight, read-only Linux file system optimized for space efficiency and low memory usage. It includes mkcramfs/mkfs.cramfs to create Cramfs images from directories, and cramfsck to verify integrity or extract contents. GNU cramfs-tools before version v2.2 contains Arbitrary File Write via Crafted Directory Entry Name via cramfsck -x. This may allow an attacker who can supply a crafted cramfs image to create or overwrite files outside the caller-selected extraction directory. This problem has been resolved in v2.2. It's suggested to upgrade cramfs-tools to the latest version.
La source⚠️ https://github.com/npitre/cramfs-tools/issues/12
Utilisateur
 nich0las (UID 51709)
Soumission23/04/2026 03:44 (il y a 1 mois)
Modérer10/05/2026 17:58 (18 days later)
StatutAccepté
Entrée VulDB362571 [npitre cramfs-tools jusqu’à 2.1 Directory cramfsck.c do_directory directory traversal]
Points20

PrécédentAperçuSuivant

Want to know what is going to be exploited?

We predict KEV entries!