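CVE-2021-23177 (libarchive): An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges. The signatures below reference the libarchive commit given in each entry's "source" field and cover the ACL-setting functions in the FreeBSD, Linux and SunOS disk-ACL source files.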
{ "vanir_signatures": [ { "signature_type": "Function", "deprecated": false, "source": "https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad", "signature_version": "v1", "target": { "function": "set_acl", "file": "libarchive/archive_disk_acl_freebsd.c" }, "id": "CVE-2021-23177-0c1bd6e2", "digest": { "function_hash": "119863235124518575270985428048575660452", "length": 4917.0 } }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad", "signature_version": "v1", "target": { "function": "set_richacl", "file": "libarchive/archive_disk_acl_linux.c" }, "id": "CVE-2021-23177-5d16566d", "digest": { "function_hash": "247656066004948287138564276136791744976", "length": 2892.0 } }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad", "signature_version": "v1", "target": { "function": "set_acl", "file": "libarchive/archive_disk_acl_linux.c" }, "id": "CVE-2021-23177-7a77de8b", "digest": { "function_hash": "302990961322684235683817322928752066115", "length": 2866.0 } }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad", "signature_version": "v1", "target": { "function": "archive_write_disk_set_acls", "file": "libarchive/archive_disk_acl_sunos.c" }, "id": "CVE-2021-23177-8d82bea3", "digest": { "function_hash": "52790904636013997542601074658456549946", "length": 547.0 } }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad", "signature_version": "v1", "target": { "function": "archive_write_disk_set_acls", "file": "libarchive/archive_disk_acl_freebsd.c" }, "id": "CVE-2021-23177-b0e73bb0", "digest": { "function_hash": 
"35384814950336608914965040955053504744", "length": 824.0 } }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad", "signature_version": "v1", "target": { "function": "archive_write_disk_set_acls", "file": "libarchive/archive_disk_acl_linux.c" }, "id": "CVE-2021-23177-c08cc697", "digest": { "function_hash": "263031339257398541578009937029100212642", "length": 968.0 } }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad", "signature_version": "v1", "target": { "file": "libarchive/archive_disk_acl_sunos.c" }, "id": "CVE-2021-23177-d819f446", "digest": { "line_hashes": [ "84990743136418828527462510462062511907", "22859693072452959139744747115909369270", "115334538010198384267700553576031112416", "3042903274904374635866907155597520168", "304812151970705618377174090172717593445", "242873013570215163891779995925904880076", "39536394315240468706685208083702613514", "124078169523069087491718815388305370911", "242966959617250580974428329096942640228", "187829038392698695668984727268345940729", "22340609179081170511628492016248220360", "118760957168650623631216286302237692362", "57476135617708118244780041361405711318", "189512589557562900187888762189196606482", "36395643105050333748370086763360079794", "253824529166211766929494839252701928624", "234694127356842474677596494888878718103", "147875983475137501416103664521612499462" ], "threshold": 0.9 } }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad", "signature_version": "v1", "target": { "function": "set_acl", "file": "libarchive/archive_disk_acl_sunos.c" }, "id": "CVE-2021-23177-eccefea9", "digest": { "function_hash": "265072810972092415907080833734331220404", "length": 4985.0 } }, { "signature_type": "Line", 
"deprecated": false, "source": "https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad", "signature_version": "v1", "target": { "file": "libarchive/archive_disk_acl_freebsd.c" }, "id": "CVE-2021-23177-fac0efc9", "digest": { "line_hashes": [ "84990743136418828527462510462062511907", "22859693072452959139744747115909369270", "115334538010198384267700553576031112416", "311104811035708422485853231085491373802", "151354966052041538065268232937089411238", "62882597281865252390221075842624393894", "171612392568340577838467011432770583982", "268249881924715148944500090443294538496", "2513709530809017008507271607761769280", "287928638959750005586135720710442108686", "85851401220750850729048418580891421732", "29367563557898392387666504434358689585", "204446129635919608441645671690260388399", "225405089247558615039648400756762992418", "3647264055995467654692287383784194006", "24373819093303007605257797844198040002", "290542635402142824665876110217430807871", "243581702265247626786650259006847014683", "231458421834209525064285454195791704750", "238255219782604529165226811497664971449", "308329974374425027968506096878110307634", "262023106250228515035554986922517675958", "33689233651467368050934500628079971602", "253824529166211766929494839252701928624", "234694127356842474677596494888878718103", "147875983475137501416103664521612499462" ], "threshold": 0.9 } }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad", "signature_version": "v1", "target": { "file": "libarchive/archive_disk_acl_linux.c" }, "id": "CVE-2021-23177-fc0fa152", "digest": { "line_hashes": [ "304008535235936808083386740926997442912", "176430584519154342942889019626544819025", "24228361494896306296459761476420579033", "287850838011923136632083156206571583409", "22859693072452959139744747115909369270", "115334538010198384267700553576031112416", 
"311104811035708422485853231085491373802", "151354966052041538065268232937089411238", "62882597281865252390221075842624393894", "171612392568340577838467011432770583982", "29367563557898392387666504434358689585", "204446129635919608441645671690260388399", "225405089247558615039648400756762992418", "3647264055995467654692287383784194006", "24373819093303007605257797844198040002", "290542635402142824665876110217430807871", "243581702265247626786650259006847014683", "231458421834209525064285454195791704750", "238255219782604529165226811497664971449", "64455699296391837276626849341514225792", "186238808539091791794299157509030806750" ], "threshold": 0.9 } } ] }