VDB
CVE-2021-23177
CVE-2021-23177
PUBLISHED
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.
EPSS 0.04% · 13.1th percentile
Risk Scores
EPSS Score
0.04%
13.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | libarchive | 3.2.2-3.1ubuntu0.6, 3.2.2-3.1ubuntu0.4, 3.2.2-3.1ubuntu0.3 |
| Ubuntu:20.04:LTS | libarchive | 3.4.0-2ubuntu1, 0, 3.4.0-1 |
| Ubuntu:Pro:14.04:LTS | libarchive | 3.1.2-7ubuntu2.6, 3.1.2-7ubuntu2.8, 0 |
| Ubuntu:Pro:16.04:LTS | libarchive | 0, 3.1.2-11ubuntu0.16.04.2, 3.1.2-11ubuntu0.16.04.8+esm1 |
Timeline
- Dec 24, 2021 CVE Published
- Aug 24, 2022 EPSS Score
- Oct 9, 2022 EPSS Score
- Nov 23, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Feb 23, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 9, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 10, 2023 EPSS Score
- Aug 25, 2023 EPSS Score
- Oct 9, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-23177 third-party-advisory
- https://ubuntu.com/security/notices/USN-5291-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-23177 third-party-advisory