Bug 1207744 (CVE-2022-4510) - VUL-0: CVE-2022-4510: binwalk: path traversal in PFS extractor script
Summary: VUL-0: CVE-2022-4510: binwalk: path traversal in PFS extractor script
Status: IN_PROGRESS
Alias: CVE-2022-4510
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 15.4
Hardware: Other Other
: P3 - Medium : Normal (vote)
Target Milestone: Leap 15.4
Assignee: Boris Manojlovic
QA Contact: E-mail List
URL: https://smash.suse.de/issue/355272/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-01-30 08:59 UTC by Stoyan Manolov
Modified: 2023-01-30 16:21 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stoyan Manolov 2023-01-30 08:59:46 UTC 
rh#2165005

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.2 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins.

Upstream PR:
https://github.com/ReFirmLabs/binwalk/pull/617

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2165005
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4510
https://www.cve.org/CVERecord?id=CVE-2022-4510
https://github.com/ReFirmLabs/binwalk/pull/617
Comment 1 Boris Manojlovic 2023-01-30 09:26:44 UTC 
patch applied and SR pushed to Factory, waiting for acceptance
Comment 2 Boris Manojlovic 2023-01-30 16:21:13 UTC 
accepted in openSUSE:Factory