Path Traversal in binwalk
Description
A path traversal vulnerability was identified in ReFirm Labs binwalk, versions 2.1.2b through 2.3.3 inclusive. By crafting a malicious PFS filesystem file, an attacker can cause binwalk's PFS extractor to write files to arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, places a malicious binwalk module in the folder .config/binwalk/plugins. The vulnerability is in the program file src/binwalk/plugins/unpfs.py.
This issue affects binwalk from 2.1.2b through 2.3.3 inclusive.
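As a defensive illustration of the containment check an extractor needs before writing an entry, the following is an added example and not binwalk's code or its patch; the function names and sample entry names are hypothetical and constructed for this page.

```python
import os
import tempfile

def resolve_inside(out_dir, entry_name):
    """Return the absolute target path for entry_name, or None if it would
    land outside out_dir once '..', absolute paths and symlinks are resolved."""
    base = os.path.realpath(out_dir)
    # Archive entry names may be absolute or contain '..': join first, then resolve.
    target = os.path.realpath(os.path.join(base, entry_name))
    # commonpath compares whole path components, so a sibling directory that
    # merely shares a string prefix with out_dir is not treated as inside it.
    if os.path.commonpath([base, target]) != base:
        return None
    return target

def plan_extraction(out_dir, entry_names):
    """Split entry names into (safe_targets, rejected_names) without writing anything."""
    safe, rejected = [], []
    for name in entry_names:
        target = resolve_inside(out_dir, name)
        if target is None:
            rejected.append(name)
        else:
            safe.append(target)
    return safe, rejected

# Constructed sample entry names (not taken from any real PFS image).
SAMPLE_ENTRIES = [
    "etc/config.bin",
    "./www/index.html",
    "../../.config/binwalk/plugins/example.py",
    "/tmp/absolute.bin",
    "../extract-sibling/file.bin",
]

def demo():
    """Run the check against a temporary extraction directory."""
    with tempfile.TemporaryDirectory() as tmp:
        out_dir = os.path.join(tmp, "extract")
        os.mkdir(out_dir)
        return plan_extraction(out_dir, SAMPLE_ENTRIES)

if __name__ == "__main__":
    safe, rejected = demo()
    for name in rejected:
        print("rejected:", name)
```

The last sample entry resolves to a sibling directory whose name begins with the extraction directory's name, which a plain string-prefix comparison would accept.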
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| binwalk (PyPI) | >= 2.1.2b, <= 2.3.3 | — |
Affected products
3
- ghsa-coords, 2 versions: >= 2.1.2b, <= 2.3.3 (+ 1 more)
- (no CPE) range: >= 2.1.2b, <= 2.3.3
- (no CPE) range: < 2.3.3-2.1
- Refirm Labs/binwalk, v5, Range: 2.1.2b