CVE-2022-4510 (GCVE-0-2022-4510)

Vulnerability from cvelistv5 – Published: 2023-01-25 12:25 – Updated: 2025-03-27 19:55
Summary
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included.
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
Impacted products
Vendor | Product | Version
Refirm Labs | binwalk | Affected: 2.1.2b, ≤ 2.3.3 (2.1.2b)
Credits
Quentin Kaiser from ONEKEY Research Labs

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:41:45.526Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ReFirmLabs/binwalk/pull/617"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202309-07"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-4510",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-27T19:54:52.860514Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T19:55:06.184Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "PFS extractor"
          ],
          "packageName": "binwalk",
          "platforms": [
            "Linux",
            "MacOS"
          ],
          "product": "binwalk",
          "programFiles": [
            "https://github.com/ReFirmLabs/binwalk/blob/11a9bcd4451c4e5ff5db5abbc0df06e7b8838568/src/binwalk/plugins/unpfs.py"
          ],
          "repo": "https://github.com/ReFirmLabs/binwalk/",
          "vendor": "Refirm Labs",
          "versions": [
            {
              "lessThanOrEqual": "2.3.3",
              "status": "affected",
              "version": "2.1.2b",
              "versionType": "2.1.2b"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Quentin Kaiser from ONEKEY Research Labs"
        }
      ],
      "datePublic": "2023-01-26T09:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk\u0027s PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction,\u0026nbsp;would extract a malicious binwalk module into the folder .config/binwalk/plugins.\u003cbr\u003e\u003c/span\u003e\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003esrc/binwalk/plugins/unpfs.py\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects binwalk from 2.1.2b through 2.3.3 included.\u003c/p\u003e"
            }
          ],
          "value": "A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk\u0027s PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction,\u00a0would extract a malicious binwalk module into the folder .config/binwalk/plugins.\n This vulnerability is associated with program files src/binwalk/plugins/unpfs.py.\n\nThis issue affects binwalk from 2.1.2b through 2.3.3 included."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The finder provided a proof-of-concept publicly so that maintainers could reproduce the vulnerability (see \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/ReFirmLabs/binwalk/pull/617\"\u003ehttps://github.com/ReFirmLabs/binwalk/pull/617\u003c/a\u003e)."
            }
          ],
          "value": "The finder provided a proof-of-concept publicly so that maintainers could reproduce the vulnerability (see  https://github.com/ReFirmLabs/binwalk/pull/617 https://github.com/ReFirmLabs/binwalk/pull/617 )."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-549",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-549 Local Execution of Code"
            }
          ]
        },
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126 Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-17T08:07:04.222Z",
        "orgId": "2d533b80-6e4a-4e20-93e2-171235122846",
        "shortName": "ONEKEY"
      },
      "references": [
        {
          "url": "https://github.com/ReFirmLabs/binwalk/pull/617"
        },
        {
          "url": "https://security.gentoo.org/glsa/202309-07"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2022-10-26T07:51:00.000Z",
          "value": "Reported to binwalk maintainers with a pull request containing the fix (https://github.com/ReFirmLabs/binwalk/pull/617)"
        },
        {
          "lang": "en",
          "time": "2023-01-23T08:00:00.000Z",
          "value": "Reported to MSRC since they acquired Refirm Labs and we\u0027ve observed the CPE \u0027microsoft:binwalk\u0027 for CVE-2021-4287"
        },
        {
          "lang": "en",
          "time": "2023-01-25T08:00:00.000Z",
          "value": "MSRC answers they do not consider binwalk a Microsoft product."
        }
      ],
      "title": "Path Traversal in binwalk",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following workaround would fix the vulnerability:\u003cbr\u003e\u003cul\u003e\u003cli\u003eremoving the unpfs extractor from your local install of binwalk\u003c/li\u003e\u003cli\u003edisabling the unpfs extractor by editing binwalk\u0027s extract.conf configuration file\u003c/li\u003e\u003cli\u003eapply the fix provided at\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/ReFirmLabs/binwalk/pull/617\"\u003ehttps://github.com/ReFirmLabs/binwalk/pull/617\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "The following workaround would fix the vulnerability:\n  *  removing the unpfs extractor from your local install of binwalk\n  *  disabling the unpfs extractor by editing binwalk\u0027s extract.conf configuration file\n  *  apply the fix provided at\u00a0 https://github.com/ReFirmLabs/binwalk/pull/617 https://github.com/ReFirmLabs/binwalk/pull/617"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2d533b80-6e4a-4e20-93e2-171235122846",
    "assignerShortName": "ONEKEY",
    "cveId": "CVE-2022-4510",
    "datePublished": "2023-01-25T12:25:14.811Z",
    "dateReserved": "2022-12-15T08:12:09.055Z",
    "dateUpdated": "2025-03-27T19:55:06.184Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

