CVE-2021-31272

9.8 CRITICAL

📋 TL;DR

Directory traversal in the SerenityOS tar and unzip utilities lets an attacker who supplies a crafted archive write files outside the intended extraction directory, potentially leading to arbitrary command execution or privilege escalation. It affects all SerenityOS users running builds before the fix commit. Because extracted files can land anywhere the extracting user can write, a successful attack can compromise the system.

💻 Affected Systems

Products:
  • SerenityOS
Versions: All versions before commit 3844e8569689dd476064a0759d704bc64fb3ca2c
Operating Systems: SerenityOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the tar and unzip utilities within SerenityOS. Any system using these utilities to process untrusted archives is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise via arbitrary command execution with root privileges, allowing complete control over the affected system.

🟠 Likely Case: Privilege escalation to root or arbitrary file writes leading to data corruption, persistence mechanisms, or service disruption.

🟢 If Mitigated: Limited impact with proper file permissions and sandboxing, potentially only affecting user-level operations.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to process a malicious archive. The vulnerability is well-documented in GitHub issues with proof-of-concept examples.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 3844e8569689dd476064a0759d704bc64fb3ca2c and later

Vendor Advisory: https://github.com/SerenityOS/serenity/issues/3991

Restart Required: No

Instructions:

1. Update SerenityOS to commit 3844e8569689dd476064a0759d704bc64fb3ca2c or later.
2. Rebuild the system from source.
3. Replace existing tar/unzip binaries with patched versions.

🔧 Temporary Workarounds

Disable tar/unzip utilities (applies to: all)

Remove or restrict access to the vulnerable tar and unzip binaries:

sudo chmod 000 /usr/bin/tar
sudo chmod 000 /usr/bin/unzip

Use alternative archive tools (applies to: all)

Replace the vulnerable utilities with alternative implementations that validate entry paths before writing.

🧯 If You Can't Patch

  • Implement strict file permission controls to limit write access to sensitive directories
  • Use sandboxing or containerization to isolate archive processing from critical system components

🔍 How to Verify

Check if Vulnerable:

Check whether the SerenityOS source tree the system was built from predates commit 3844e8569689dd476064a0759d704bc64fb3ca2c. 'git log --oneline | head -1' prints the current HEAD commit so it can be compared against the fix commit.

Check Version:

git log --oneline | head -1

Verify Fix Applied:

Verify that the fix commit 3844e8569689dd476064a0759d704bc64fb3ca2c is in the history of the checked-out tree. Note that 'git log --oneline' prints abbreviated hashes, so grepping its output for the full 40-character hash never matches; either grep for the abbreviated prefix with 'git log --oneline | grep 3844e85' or, more reliably, run 'git merge-base --is-ancestor 3844e8569689dd476064a0759d704bc64fb3ca2c HEAD', which exits 0 when the fix is an ancestor of HEAD.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file writes outside expected directories
  • Archive processing errors with path traversal attempts
  • Suspicious tar/unzip process activity

Network Indicators:

  • Downloads of archive files followed by unexpected file system changes

SIEM Query:

process.name IN ('tar', 'unzip') AND file.path CONTAINS '../'
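The following is an added example, not code from SerenityOS or from this advisory. It shows, in Python, the two defender-side checks the sections above describe: the entry validation a safe archive extractor performs (rejecting names that escape the extraction root, absolute names, and link entries whose targets point outside the root), and a rendering of the SIEM query above run over constructed log events. The sample archive and the log events are constructed here for the demonstration; they are not a real proof of concept. The query refinement (resolving the written path against a hypothetical process.working_directory field) is an assumption about the available log schema, added because a literal '../' substring match misses names that were already normalized or were absolute to begin with.

```python
import io
import posixpath
import tarfile

SUSPECT_PROCESSES = {"tar", "unzip"}


def is_traversal(name: str) -> bool:
    """True if an archive entry name would escape the extraction root.

    Catches absolute names, names that normalize to a parent of the root
    (e.g. 'a/../../x'), and backslash separators some zip writers emit.
    """
    name = name.replace("\\", "/")
    if name.startswith("/"):
        return True
    norm = posixpath.normpath(name)
    return norm == ".." or norm.startswith("../")


def link_escapes(member_name: str, link_target: str) -> bool:
    """True if a symlink entry points outside the extraction root.

    The target is resolved relative to the directory containing the link,
    which is how the filesystem resolves it when the link is later followed.
    """
    if link_target.startswith("/"):
        return True
    base = posixpath.dirname(member_name.replace("\\", "/"))
    return is_traversal(posixpath.join(base, link_target))


def scan_tar(data: bytes) -> dict:
    """Return {entry_name: reason} for every entry a safe extractor must refuse."""
    rejected = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tf:
        for m in tf.getmembers():
            if is_traversal(m.name):
                rejected[m.name] = "path escapes extraction root"
            elif m.issym() and link_escapes(m.name, m.linkname):
                rejected[m.name] = "symlink target escapes extraction root"
            elif m.islnk() and is_traversal(m.linkname):
                rejected[m.name] = "hardlink target escapes extraction root"
    return rejected


def build_sample_tar() -> bytes:
    """Constructed in-memory archive: one benign file, one '..' entry,
    one absolute entry and one symlink pointing above the root."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:") as tf:
        def add_file(name, payload):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
        add_file("docs/readme.txt", b"hello\n")
        add_file("docs/../../etc/dropped.conf", b"x\n")
        add_file("/etc/dropped2.conf", b"x\n")
        link = tarfile.TarInfo("docs/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"
        tf.addfile(link)
    return buf.getvalue()


def match_siem_rule(event: dict) -> bool:
    """process.name IN ('tar','unzip') AND file.path CONTAINS '../', plus a
    resolved-path check against the process working directory (assumed field)."""
    if event.get("process.name") not in SUSPECT_PROCESSES:
        return False
    path = event.get("file.path", "")
    if "../" in path:  # the literal rule from the advisory
        return True
    cwd = event.get("process.working_directory")
    if cwd:
        resolved = posixpath.normpath(posixpath.join(cwd, path))
        return posixpath.commonpath([cwd, resolved]) != posixpath.normpath(cwd)
    return False


# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    {"process.name": "tar", "process.working_directory": "/home/anon/out",
     "file.path": "docs/readme.txt"},
    {"process.name": "tar", "process.working_directory": "/home/anon/out",
     "file.path": "docs/../../etc/dropped.conf"},
    {"process.name": "unzip", "process.working_directory": "/home/anon/out",
     "file.path": "/etc/dropped2.conf"},
    {"process.name": "cp", "process.working_directory": "/home/anon/out",
     "file.path": "../../tmp/backup.txt"},
]


def flag_events(events) -> list:
    """Paths of events the rule would raise; the 'cp' event is excluded by process name."""
    return [e["file.path"] for e in events if match_siem_rule(e)]


if __name__ == "__main__":
    for name, reason in scan_tar(build_sample_tar()).items():
        print(f"REJECT {name!r}: {reason}")
    print("flagged:", flag_events(SAMPLE_EVENTS))
```

The extractor-side check is the mitigation the "alternative implementations that validate paths" workaround refers to: every entry name and every link target is normalized and tested against the root before anything is written, and symlinks are handled because a link created by an earlier entry can redirect a later, innocent-looking write. On the detection side, the absolute-name event is caught only by the resolved-path refinement, which is why the lead-in calls it out as an addition to the literal query.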
