DEBIAN-CVE-2021-31800

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2021-31800

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2021-31800.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2021-31800

Upstream

CVE-2021-31800

Published

2021-05-05T11:15:07Z

Modified

2025-09-25T02:33:55.110415Z

Summary

[none]

Details

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.

References

https://security-tracker.debian.org/tracker/CVE-2021-31800

Affected packages

Debian:11 / impacket

Package

Name: impacket
Purl: pkg:deb/debian/impacket?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.22-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / impacket

Package

Name: impacket
Purl: pkg:deb/debian/impacket?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.22-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / impacket

Package

Name: impacket
Purl: pkg:deb/debian/impacket?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.22-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / impacket

Package

Name: impacket
Purl: pkg:deb/debian/impacket?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.22-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}