VDB

CVE-2021-23177

CVE-2021-23177 PUBLISHED

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.

EPSS 0.04% · 13.1th percentile

Risk Scores

EPSS Score
0.04%
13.1th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:18.04:LTSlibarchive3.2.2-3.1ubuntu0.6, 3.2.2-3.1ubuntu0.4, 3.2.2-3.1ubuntu0.3
Ubuntu:20.04:LTSlibarchive3.4.0-2ubuntu1, 0, 3.4.0-1
Ubuntu:Pro:14.04:LTSlibarchive3.1.2-7ubuntu2.6, 3.1.2-7ubuntu2.8, 0
Ubuntu:Pro:16.04:LTSlibarchive0, 3.1.2-11ubuntu0.16.04.2, 3.1.2-11ubuntu0.16.04.8+esm1

Timeline

  • Dec 24, 2021 CVE Published
  • Aug 24, 2022 EPSS Score
  • Oct 9, 2022 EPSS Score
  • Nov 23, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Feb 23, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 9, 2023 EPSS Score
  • May 25, 2023 EPSS Score
  • Jul 10, 2023 EPSS Score
  • Aug 25, 2023 EPSS Score
  • Oct 9, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›