Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
squashfs-tools 路径遍历漏洞
Vulnerability Description
squashfs-tools是一个开源软件包。 Squashfs-Tools 4.5版本存在安全漏洞,该漏洞源于在软件中的unsquash-1.c中的squashfs_opendir函数负责存储目录条目中的文件名,然后unsquashfs使用它在unsquash期间创建新文件。函数文件名操作对于目标目录外的遍历并不进行验证,因此文件名被允许写入到目标目录外的位置。
CVSS Information
N/A
Vulnerability Type
N/A