Vulnerability

CVE-2023-0591

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2023-0591

Description:
ubireader_extract_files is vulnerable to path traversal when run against specially crafted UBIFS files, allowing an attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). The cause is that a node name (dent_node.name) is treated as trusted and joined to the extraction directory path during processing, and the node content is then written to that joined path. By crafting a malicious UBIFS file with node names holding path traversal payloads (e.g. ../../tmp/outside.txt), it's possible to force ubi_reader to write outside of the extraction directory. This issue affects ubi-reader before 0.8.5.
Last updated date:
02/07/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
02/07/2023
Reference URL to background:

https://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk/
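The pattern named in the description (an untrusted node name joined to the extraction directory) next to a containment check an extractor can run before writing. This is an added example, not ubi_reader's code or its actual fix; the function names and the sample node names are constructed for illustration, and POSIX paths are assumed.

```python
import os
import tempfile


def naive_target(extract_dir, node_name):
    """Pattern from the description: the name is trusted and joined as-is."""
    return os.path.join(extract_dir, node_name)


def escapes(extract_dir, node_name):
    """True if writing node_name would land outside extract_dir."""
    base = os.path.realpath(extract_dir)
    # realpath collapses '..' and resolves symlinks in existing components;
    # os.path.join drops extract_dir entirely when node_name is absolute,
    # and the comparison below catches that case as well.
    target = os.path.realpath(os.path.join(base, node_name))
    return os.path.commonpath([base, target]) != base


def safe_target(extract_dir, node_name):
    """Return the resolved write path, or refuse names that leave extract_dir."""
    if escapes(extract_dir, node_name):
        raise ValueError("node name leaves extraction directory: %r" % node_name)
    return os.path.realpath(os.path.join(os.path.realpath(extract_dir), node_name))


if __name__ == "__main__":
    out_dir = tempfile.mkdtemp(prefix="extract-")
    # Constructed node names, including the payload quoted in the description.
    names = ["etc/passwd", "a/../b.txt", "../../tmp/outside.txt", "/etc/cron.d/job"]
    for name in names:
        verdict = "REJECT" if escapes(out_dir, name) else "ok"
        print("%-6s %-24s naive join -> %s" % (verdict, name, naive_target(out_dir, name)))
```

The same check works as an audit step over a list of names taken from an image before any extraction is attempted.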
