Description

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included.

Related CPE's

a

microsoft

binwalk

Vulnerable

References

https://github.com/ReFirmLabs/binwalk/pull/617

ExploitPatchThird Party Advisory

https://security.gentoo.org/glsa/202309-07

https://github.com/ReFirmLabs/binwalk/pull/617

ExploitPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2025/12/msg00022.html

https://security.gentoo.org/glsa/202309-07

Weaknesses

[email protected]

Secondary
CWE-22

[email protected]

Primary
CWE-22

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-26T20:18:06.547Z

3 years ago

Last modified

2025-12-16T08:15:51.573Z

3 months ago