Untriaged
CVE-2023-0593
5.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): HIGH
- Availability impact (A): NONE
Path traversal in yaffshiv
A path traversal vulnerability affects the yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to and including version 0.1, which is the most recent at the time of publication.
References
- https://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk/
- https://github.com/devttys0/yaffshiv/pull/3/files
Affected products
yaffshiv
- =<0.1
Matching in nixpkgs
pkgs.yaffshiv
Simple YAFFS file system parser and extractor
- nixos-unstable -
- nixpkgs-unstable 0-unstable-2024-08-30
Package maintainers
- @stigtsp Stig Palmquist <stig@stig.io>