| 标题 | GNU cramfs-tools V2.1 Improper Limitation of a Pathname to a Restricted Directory |
|---|
| 描述 | GNU cramfs-tools is a set of utilities for managing the Cramfs (Compressed ROM File System), a lightweight, read-only Linux file system optimized for space efficiency and low memory usage. It includes mkcramfs/mkfs.cramfs to create Cramfs images from directories, and cramfsck to verify integrity or extract contents.
GNU cramfs-tools before version v2.2 contains Arbitrary File Write via Crafted Directory Entry Name via cramfsck -x. This may allow an attacker who can supply a crafted cramfs image to create or overwrite files outside the caller-selected extraction directory.
This problem has been resolved in v2.2. It's suggested to upgrade cramfs-tools to the latest version. |
|---|
| 来源 | ⚠️ https://github.com/npitre/cramfs-tools/issues/12 |
|---|
| 用户 | nich0las (UID 51709) |
|---|
| 提交 | 2026-04-23 03時44分 (1 月前) |
|---|
| 管理 | 2026-05-10 17時58分 (18 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 362571 [npitre cramfs-tools 直到 2.1 Directory cramfsck.c do_directory 目录遍历] |
|---|
| 积分 | 20 |
|---|