UBUNTU-CVE-2024-21633

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-21633

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-21633.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-21633

Related

CVE-2024-21633

Published

2024-01-03T17:15:00Z

Modified

2024-10-15T14:12:50Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that user has write access, and either user name is known or cwd is under user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue.

References

Affected packages

Ubuntu:Pro:16.04:LTS / apktool

Package

Name: apktool
Purl: pkg:deb/ubuntu/apktool?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.2+dfsg-1

2.0.2+dfsg-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / apktool

Package

Name: apktool
Purl: pkg:deb/ubuntu/apktool?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.2.4+dfsg-1

2.3.0+dfsg-1

2.3.1+dfsg-1

2.3.4-1~18.04

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / apktool

Package

Name: apktool
Purl: pkg:deb/ubuntu/apktool?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.0-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / apktool

Package

Name: apktool
Purl: pkg:deb/ubuntu/apktool?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.5.0+dfsg.1-2build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / apktool

Package

Name: apktool
Purl: pkg:deb/ubuntu/apktool?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.0+dfsg-7

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / apktool

Package

Name: apktool
Purl: pkg:deb/ubuntu/apktool?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.0+dfsg-6

2.7.0+dfsg-7

Ecosystem specific

{
    "ubuntu_priority": "medium"
}