OpenCVE

An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Windriver	Vxworks

Configuration 1 [-]

OR	cpe:2.3:o:windriver:vxworks:6.9:::::::*
	cpe:2.3:o:windriver:vxworks:7.0:-::::::

No data.

References

Link	Providers
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346
https://support2.windriver.com/index.php?page=security-notices
https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/

History

Wed, 25 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-09-22T00:00:00

Updated: 2024-09-25T15:13:20.054Z

Reserved: 2023-07-15T00:00:00

Link: CVE-2023-38346

Vulnrichment

Updated: 2024-08-02T17:39:13.507Z

NVD

Status : Modified

Published: 2023-09-22T19:15:09.593

Modified: 2024-11-21T08:13:22.843

Link: CVE-2023-38346

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-38346", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-25T15:13:20.054Z", "dateReserved": "2023-07-15T00:00:00", "datePublished": "2023-09-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-22T18:22:19.692072"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the \"tarExtract\" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://support2.windriver.com/index.php?page=security-notices"}, {"url": "https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/"}, {"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:13.507Z"}, "title": "CVE Program Container", "references": [{"url": "https://support2.windriver.com/index.php?page=security-notices", "tags": ["x_transferred"]}, {"url": "https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/", "tags": ["x_transferred"]}, {"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "affected": [{"vendor": "windriver", "product": "vxworks", "cpes": ["cpe:2.3:o:windriver:vxworks:6.9:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.9", "status": "affected"}]}, {"vendor": "windriver", "product": "vxworks", "cpes": ["cpe:2.3:o:windriver:vxworks:7.0:-:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.0", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-25T15:13:15.430339Z", "id": "CVE-2023-38346", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T15:13:20.054Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support2.windriver.com/index.php?page=security-notices", "tags": ["x_transferred"]}, {"url": "https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/", "tags": ["x_transferred"]}, {"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:13.507Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-38346", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-25T15:13:15.430339Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:windriver:vxworks:6.9:*:*:*:*:*:*:*"], "vendor": "windriver", "product": "vxworks", "versions": [{"status": "affected", "version": "6.9"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:windriver:vxworks:7.0:-:*:*:*:*:*:*"], "vendor": "windriver", "product": "vxworks", "versions": [{"status": "affected", "version": "7.0"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T15:12:41.607Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://support2.windriver.com/index.php?page=security-notices"}, {"url": "https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/"}, {"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the \"tarExtract\" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-22T18:22:19.692072"}}}, "cveMetadata": {"cveId": "CVE-2023-38346", "state": "PUBLISHED", "dateUpdated": "2024-09-25T15:13:20.054Z", "dateReserved": "2023-07-15T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-09-22T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:windriver:vxworks:6.9:*:*:*:*:*:*:*", "matchCriteriaId": "01004955-97D1-4F7E-80D4-4B1509945FBF", "vulnerable": true}, {"criteria": "cpe:2.3:o:windriver:vxworks:7.0:-:*:*:*:*:*:*", "matchCriteriaId": "F3497F9B-A721-4289-A49F-A19D0F7F0148", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the \"tarExtract\" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Wind River VxWorks 6.9 y 7. La funci\u00f3n ``tarExtract`` implementa la extracci\u00f3n de archivos TAR y, por lo tanto, tambi\u00e9n procesa archivos dentro de un archivo que tienen rutas de archivo relativas o absolutas. Un desarrollador que utilice la funci\u00f3n \"tarExtract\" puede esperar que la funci\u00f3n elimine las barras diagonales iniciales de las rutas absolutas o detenga el procesamiento cuando encuentre rutas relativas que est\u00e9n fuera de la ruta de extracci\u00f3n, a menos que se fuerce lo contrario. Esto podr\u00eda dar lugar a un comportamiento inesperado y no documentado, que en general podr\u00eda dar lugar a un Directory Traversal y un comportamiento inesperado asociado."}], "id": "CVE-2023-38346", "lastModified": "2024-11-21T08:13:22.843", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-09-22T19:15:09.593", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support2.windriver.com/index.php?page=security-notices"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support2.windriver.com/index.php?page=security-notices"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}