CVE-2022-4510 Path Traversal in binwalk

2023-01-2512:25:14

CWE-22

ONEKEY

www.cve.org

path traversal

binwalk

remote code execution

pfs filesystem

vulnerability

unpfs.py

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.267 Low

EPSS

Percentile

96.8%

JSON

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk’s PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins.
This vulnerability is associated with program files src/binwalk/plugins/unpfs.py.

This issue affects binwalk from 2.1.2b through 2.3.3 included.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "PFS extractor"
    ],
    "packageName": "binwalk",
    "platforms": [
      "Linux",
      "MacOS"
    ],
    "product": "binwalk",
    "programFiles": [
      "https://github.com/ReFirmLabs/binwalk/blob/11a9bcd4451c4e5ff5db5abbc0df06e7b8838568/src/binwalk/plugins/unpfs.py"
    ],
    "repo": "https://github.com/ReFirmLabs/binwalk/",
    "vendor": "Refirm Labs",
    "versions": [
      {
        "lessThanOrEqual": "2.3.3",
        "status": "affected",
        "version": "2.1.2b",
        "versionType": "2.1.2b"
      }
    ]
  }
]