Published: 26/01/2023 Updated: 06/02/2023

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b up to and including 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b up to and including 2.3.3 included.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft binwalk

CVE-2022-4510 A path traversal vulnerability was identified in ReFirm Labs binwalk from version 212b through 233 included By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option) Remote code execution can be achieved by building a PFS filesystem

CWE-22 https://github.com/ReFirmLabs/binwalk/pull/617 https://github.com/Live-Hack-CVE/CVE-2022-4510 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-4510

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect