2 matches found
CVE-2023-0591
The CVE-2023-0591 entry affects ubi-reader before 0.8.5 and describes a path traversal vulnerability in ubireader_extract_files. A node name (dent_node.name) is treated as trusted and joined to the extraction directory path during processing, with the node content written to the joined path. By c...
CVE-2022-4572
CVE-2022-4572 concerns a path traversal vulnerability in UBI Reader up to version 0.8.0. The flaw targets the function ubireader_extract_files in the file ubireader/ubifs/output.py of the UBIFS File Handler, enabling path traversal under certain conditions. The issue could be exploited remotely a...