Phillip Lougher - Security Researcher - Exploit Intelligence Platform

CVE-2015-4645 WRITEUP MEDIUM WRITEUP

Squashfs < 4.3 - Integer Overflow

Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.

CVSS 5.5

View Code

CVE-2015-4646 WRITEUP HIGH WRITEUP

Squashfs < 4.3 - Improper Input Validation

(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.

CVSS 7.5

View Code

CVE-2021-40153 WRITEUP HIGH WRITEUP

Squashfs-tools - Path Traversal

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.

CVSS 8.1

View Code