CVE-2021-23177 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-23177 PUBLISHED

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.

EPSS 0.04% · 12.7th percentile

Risk Scores

EPSS Score

0.04%

12.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:Pro:18.04:LTS	libarchive	0, 3.2.2-3.1, 3.2.2-3.1ubuntu0.2
Ubuntu:20.04:LTS	libarchive	0, 3.4.0-1, 3.4.0-1build1
Ubuntu:Pro:14.04:LTS	libarchive	3.1.2-7ubuntu2.8, 0, 3.1.2-5ubuntu1
Ubuntu:Pro:16.04:LTS	libarchive	0, 3.1.2-11build1, 3.1.2-11ubuntu0.16.04.3

Timeline

Dec 24, 2021 CVE Published
Aug 24, 2022 EPSS Score
Oct 8, 2022 EPSS Score
Nov 22, 2022 EPSS Score
Jan 6, 2023 EPSS Score
Feb 20, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 7, 2023 EPSS Score
May 22, 2023 EPSS Score
Jul 6, 2023 EPSS Score
Aug 20, 2023 EPSS Score
Oct 4, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2021-23177 third-party-advisory
https://ubuntu.com/security/notices/USN-5291-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2021-23177 third-party-advisory

Open in Interactive Console →