6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
50.0%
A vulnerability, which was classified as problematic, was found in ReFirm
Labs binwalk up to 2.3.2. Affected is an unknown function of the file
src/binwalk/modules/extractor.py of the component Archive Extraction
Handler. The manipulation leads to symlink following. It is possible to
launch the attack remotely. Upgrading to version 2.3.3 is able to address
this issue. The name of the patch is
fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the
affected component. The identifier of this vulnerability is VDB-216876.