CVE-2024-43399
published 2024-08-19CVE-2024-43399: Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis…
PriorityP355critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.90%
55.2th percentile
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the vulnerability allows an attacker to extract files to any desired location within the server running MobSF. This vulnerability is fixed in 4.0.7.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mobsf | mobile-security-framework-mobsf | < 4.0.7 | 4.0.7 |
| opensecurity | mobile_security_framework | < 4.0.7 | 4.0.7 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
ghsa·2024-08-19
CVE-2024-43399 [HIGH] CWE-22 Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
### Summary
Upon reviewing the MobSF source code, I identified a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented.
Since the implemented measure can be bypassed, the vulnerability allows an attacker to extract files to any desired location within the server running MobSF.
### Details
Upon examining lines 183-192 of the `mobsf/StaticAnalyzer/views/common/shared_func.py` file, it is observed that there is a mitigation against Zip Slip attacks implemented as `a.decode('utf-8', 'ignore').replace('../', '').replace('..\\', '')`. However, this measure can be bypassed using
OSV
Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
osv·2024-08-19
CVE-2024-43399 [HIGH] Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
### Summary
Upon reviewing the MobSF source code, I identified a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented.
Since the implemented measure can be bypassed, the vulnerability allows an attacker to extract files to any desired location within the server running MobSF.
### Details
Upon examining lines 183-192 of the `mobsf/StaticAnalyzer/views/common/shared_func.py` file, it is observed that there is a mitigation against Zip Slip attacks implemented as `a.decode('utf-8', 'ignore').replace('../', '').replace('..\\', '')`. However, this measure can be bypassed using
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-08-19
Published