cve-2023-38346
Vulnerability from cvelistv5
Published
2023-09-22 00:00
Modified
2024-09-25 15:13
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior.
References
cve@mitre.orghttps://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346Patch, Vendor Advisory
cve@mitre.orghttps://support2.windriver.com/index.php?page=security-noticesVendor Advisory
cve@mitre.orghttps://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support2.windriver.com/index.php?page=security-noticesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/Exploit, Technical Description, Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:39:13.507Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support2.windriver.com/index.php?page=security-notices"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2023-38346"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:windriver:vxworks:6.9:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vxworks",
            "vendor": "windriver",
            "versions": [
              {
                "status": "affected",
                "version": "6.9"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:windriver:vxworks:7.0:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "vxworks",
            "vendor": "windriver",
            "versions": [
              {
                "status": "affected",
                "version": "7.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-38346",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T15:13:15.430339Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T15:13:20.054Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the \"tarExtract\" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-22T18:22:19.692072",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://support2.windriver.com/index.php?page=security-notices"
        },
        {
          "url": "https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/"
        },
        {
          "url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2023-38346"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-38346",
    "datePublished": "2023-09-22T00:00:00",
    "dateReserved": "2023-07-15T00:00:00",
    "dateUpdated": "2024-09-25T15:13:20.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:6.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"01004955-97D1-4F7E-80D4-4B1509945FBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:7.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3497F9B-A721-4289-A49F-A19D0F7F0148\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the \\\"tarExtract\\\" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior.\"}, {\"lang\": \"es\", \"value\": \"Se descubri\\u00f3 un problema en Wind River VxWorks 6.9 y 7. La funci\\u00f3n ``tarExtract`` implementa la extracci\\u00f3n de archivos TAR y, por lo tanto, tambi\\u00e9n procesa archivos dentro de un archivo que tienen rutas de archivo relativas o absolutas. Un desarrollador que utilice la funci\\u00f3n \\\"tarExtract\\\" puede esperar que la funci\\u00f3n elimine las barras diagonales iniciales de las rutas absolutas o detenga el procesamiento cuando encuentre rutas relativas que est\\u00e9n fuera de la ruta de extracci\\u00f3n, a menos que se fuerce lo contrario. Esto podr\\u00eda dar lugar a un comportamiento inesperado y no documentado, que en general podr\\u00eda dar lugar a un Directory Traversal y un comportamiento inesperado asociado.\"}]",
      "id": "CVE-2023-38346",
      "lastModified": "2024-11-21T08:13:22.843",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2023-09-22T19:15:09.593",
      "references": "[{\"url\": \"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2023-38346\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://support2.windriver.com/index.php?page=security-notices\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2023-38346\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://support2.windriver.com/index.php?page=security-notices\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-38346\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-09-22T19:15:09.593\",\"lastModified\":\"2024-11-21T08:13:22.843\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the \\\"tarExtract\\\" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en Wind River VxWorks 6.9 y 7. La funci\u00f3n ``tarExtract`` implementa la extracci\u00f3n de archivos TAR y, por lo tanto, tambi\u00e9n procesa archivos dentro de un archivo que tienen rutas de archivo relativas o absolutas. Un desarrollador que utilice la funci\u00f3n \\\"tarExtract\\\" puede esperar que la funci\u00f3n elimine las barras diagonales iniciales de las rutas absolutas o detenga el procesamiento cuando encuentre rutas relativas que est\u00e9n fuera de la ruta de extracci\u00f3n, a menos que se fuerce lo contrario. Esto podr\u00eda dar lugar a un comportamiento inesperado y no documentado, que en general podr\u00eda dar lugar a un Directory Traversal y un comportamiento inesperado asociado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01004955-97D1-4F7E-80D4-4B1509945FBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3497F9B-A721-4289-A49F-A19D0F7F0148\"}]}]}],\"references\":[{\"url\":\"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2023-38346\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://support2.windriver.com/index.php?page=security-notices\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2023-38346\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://support2.windriver.com/index.php?page=security-notices\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support2.windriver.com/index.php?page=security-notices\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2023-38346\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T17:39:13.507Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-38346\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-25T15:13:15.430339Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:windriver:vxworks:6.9:*:*:*:*:*:*:*\"], \"vendor\": \"windriver\", \"product\": \"vxworks\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:windriver:vxworks:7.0:-:*:*:*:*:*:*\"], \"vendor\": \"windriver\", \"product\": \"vxworks\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.0\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-25T15:12:41.607Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://support2.windriver.com/index.php?page=security-notices\"}, {\"url\": \"https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/\"}, {\"url\": \"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2023-38346\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the \\\"tarExtract\\\" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-09-22T18:22:19.692072\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-38346\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-25T15:13:20.054Z\", \"dateReserved\": \"2023-07-15T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-09-22T00:00:00\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.