A path traversal vulnerability was identified in ReFirm Labs binwalk versions 2.1.2b through 2.3.3 inclusive. By crafting a malicious PFS filesystem file, an attacker can cause binwalk's PFS extractor to write files to arbitrary locations when binwalk is run in extraction mode (the -e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, places a malicious binwalk module in the folder .config/binwalk/plugins.
The vulnerability is in the program file src/binwalk/plugins/unpfs.py.
This issue affects binwalk versions 2.1.2b through 2.3.3 inclusive.
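The containment check an extractor needs before writing each entry is sketched below. This is an added example, not binwalk's code or its patch; `resolve_inside`, `extract_entries` and the sample entry names are hypothetical and constructed for illustration.

```python
import os
import tempfile

def resolve_inside(out_dir, entry_name):
    """Return the absolute output path for entry_name, or None if it would
    land outside out_dir (via '..' components, an absolute name or a symlink)."""
    base = os.path.realpath(out_dir)
    # os.path.join discards base when entry_name is absolute, so the
    # containment check below has to cover that case as well.
    target = os.path.realpath(os.path.join(base, entry_name))
    if os.path.commonpath([base, target]) != base:
        return None
    return target

def extract_entries(out_dir, entries):
    """Write (name, data) pairs under out_dir; return (written, rejected)."""
    written, rejected = [], []
    for name, data in entries:
        target = resolve_inside(out_dir, name)
        # Also reject names that resolve to the extraction directory itself.
        if target is None or target == os.path.realpath(out_dir):
            rejected.append(name)
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as fh:
            fh.write(data)
        written.append(name)
    return written, rejected

# Constructed sample entries standing in for names read from an archive.
SAMPLE_ENTRIES = [
    ("firmware/etc/passwd", b"root:x:0:0::/root:/bin/sh\n"),
    ("../../.config/binwalk/plugins/example.py", b"# placeholder\n"),
    ("/tmp/absolute-name.bin", b"\x00"),
    ("firmware/../../sibling.bin", b"\x00"),
]

def demo():
    """Extract the samples into a scratch directory and report the outcome."""
    with tempfile.TemporaryDirectory() as root:
        out_dir = os.path.join(root, "_image.extracted")
        os.makedirs(out_dir)
        written, rejected = extract_entries(out_dir, SAMPLE_ENTRIES)
        # Anything created next to the extraction directory escaped it.
        outside = [n for n in os.listdir(root) if n != "_image.extracted"]
        return written, rejected, outside

if __name__ == "__main__":
    print(demo())
```

Joining the entry name to the output directory without this check is what lets a stored name decide where the file lands.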
MITRE
Status: PUBLISHED
Assigner: ONEKEY
Published: 2023-01-25T12:25:14.811Z
Updated: 2024-08-03T01:41:45.526Z
Reserved: 2022-12-15T08:12:09.055Z
Link: CVE-2022-4510
NVD
Status : Modified
Published: 2023-01-26T21:18:06.547
Modified: 2023-09-17T09:15:11.777
Link: CVE-2022-4510