Search criteria
2 vulnerabilities by Refirm Labs
CVE-2022-4510 (GCVE-0-2022-4510)
Vulnerability from cvelistv5 – Published: 2023-01-25 12:25 – Updated: 2025-03-27 19:55
VLAI?
Summary
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins.
This vulnerability is associated with program files src/binwalk/plugins/unpfs.py.
This issue affects binwalk from 2.1.2b through 2.3.3 included.
Severity ?
7.8 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Refirm Labs | binwalk |
Affected:
2.1.2b , ≤ 2.3.3
(2.1.2b)
|
Credits
Quentin Kaiser from ONEKEY Research Labs
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:41:45.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ReFirmLabs/binwalk/pull/617"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-07"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T19:54:52.860514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T19:55:06.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"PFS extractor"
],
"packageName": "binwalk",
"platforms": [
"Linux",
"MacOS"
],
"product": "binwalk",
"programFiles": [
"https://github.com/ReFirmLabs/binwalk/blob/11a9bcd4451c4e5ff5db5abbc0df06e7b8838568/src/binwalk/plugins/unpfs.py"
],
"repo": "https://github.com/ReFirmLabs/binwalk/",
"vendor": "Refirm Labs",
"versions": [
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "2.1.2b",
"versionType": "2.1.2b"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Quentin Kaiser from ONEKEY Research Labs"
}
],
"datePublic": "2023-01-26T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk\u0027s PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction,\u0026nbsp;would extract a malicious binwalk module into the folder .config/binwalk/plugins.\u003cbr\u003e\u003c/span\u003e\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003esrc/binwalk/plugins/unpfs.py\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects binwalk from 2.1.2b through 2.3.3 included.\u003c/p\u003e"
}
],
"value": "A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk\u0027s PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction,\u00a0would extract a malicious binwalk module into the folder .config/binwalk/plugins.\n This vulnerability is associated with program files src/binwalk/plugins/unpfs.py.\n\nThis issue affects binwalk from 2.1.2b through 2.3.3 included."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The finder provided a proof-of-concept publicly so that maintainers could reproduce the vulnerability (see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/ReFirmLabs/binwalk/pull/617\"\u003ehttps://github.com/ReFirmLabs/binwalk/pull/617\u003c/a\u003e)."
}
],
"value": "The finder provided a proof-of-concept publicly so that maintainers could reproduce the vulnerability (see https://github.com/ReFirmLabs/binwalk/pull/617 https://github.com/ReFirmLabs/binwalk/pull/617 )."
}
],
"impacts": [
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
},
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-17T08:07:04.222Z",
"orgId": "2d533b80-6e4a-4e20-93e2-171235122846",
"shortName": "ONEKEY"
},
"references": [
{
"url": "https://github.com/ReFirmLabs/binwalk/pull/617"
},
{
"url": "https://security.gentoo.org/glsa/202309-07"
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2022-10-26T07:51:00.000Z",
"value": "Reported to binwalk maintainers with a pull request containing the fix (https://github.com/ReFirmLabs/binwalk/pull/617)"
},
{
"lang": "en",
"time": "2023-01-23T08:00:00.000Z",
"value": "Reported to MSRC since they acquired Refirm Labs and we\u0027ve observed the CPE \u0027microsoft:binwalk\u0027 for CVE-2021-4287"
},
{
"lang": "en",
"time": "2023-01-25T08:00:00.000Z",
"value": "MSRC answers they do not consider binwalk a Microsoft product."
}
],
"title": "Path Traversal in binwalk",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following workaround would fix the vulnerability:\u003cbr\u003e\u003cul\u003e\u003cli\u003eremoving the unpfs extractor from your local install of binwalk\u003c/li\u003e\u003cli\u003edisabling the unpfs extractor by editing binwalk\u0027s extract.conf configuration file\u003c/li\u003e\u003cli\u003eapply the fix provided at\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/ReFirmLabs/binwalk/pull/617\"\u003ehttps://github.com/ReFirmLabs/binwalk/pull/617\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "The following workaround would fix the vulnerability:\n * removing the unpfs extractor from your local install of binwalk\n * disabling the unpfs extractor by editing binwalk\u0027s extract.conf configuration file\n * apply the fix provided at\u00a0 https://github.com/ReFirmLabs/binwalk/pull/617 https://github.com/ReFirmLabs/binwalk/pull/617"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2d533b80-6e4a-4e20-93e2-171235122846",
"assignerShortName": "ONEKEY",
"cveId": "CVE-2022-4510",
"datePublished": "2023-01-25T12:25:14.811Z",
"dateReserved": "2022-12-15T08:12:09.055Z",
"dateUpdated": "2025-03-27T19:55:06.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4287 (GCVE-0-2021-4287)
Vulnerability from cvelistv5 – Published: 2022-12-27 10:32 – Updated: 2025-04-11 14:42
VLAI?
Summary
A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876.
Severity ?
5 (Medium)
5 (Medium)
CWE
- CWE-61 - Symlink Following
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ReFirm Labs | binwalk |
Affected:
2.3.0
Affected: 2.3.1 Affected: 2.3.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:23:10.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.216876"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.216876"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/ReFirmLabs/binwalk/pull/556"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/ReFirmLabs/binwalk/commit/fa0c0bd59b8588814756942fe4cb5452e76c1dcd"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/ReFirmLabs/binwalk/releases/tag/v2.3.3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-11T14:42:13.101400Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-11T14:42:29.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Archive Extraction Handler"
],
"product": "binwalk",
"vendor": "ReFirm Labs",
"versions": [
{
"status": "affected",
"version": "2.3.0"
},
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "affected",
"version": "2.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in ReFirm Labs binwalk bis 2.3.2 gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei src/binwalk/modules/extractor.py der Komponente Archive Extraction Handler. Dank der Manipulation mit unbekannten Daten kann eine symlink following-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 2.3.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als fa0c0bd59b8588814756942fe4cb5452e76c1dcd bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 Symlink Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-27T10:35:39.742Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.216876"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.216876"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/ReFirmLabs/binwalk/pull/556"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ReFirmLabs/binwalk/commit/fa0c0bd59b8588814756942fe4cb5452e76c1dcd"
},
{
"tags": [
"patch"
],
"url": "https://github.com/ReFirmLabs/binwalk/releases/tag/v2.3.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-12-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-12-27T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2022-12-27T11:40:34.000Z",
"value": "VulDB last update"
}
],
"title": "ReFirm Labs binwalk Archive Extraction extractor.py symlink"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2021-4287",
"datePublished": "2022-12-27T10:32:41.014Z",
"dateReserved": "2022-12-27T10:31:18.759Z",
"dateUpdated": "2025-04-11T14:42:29.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}