Microsoft Binwalk vulnerabilities
2 known vulnerabilities affecting microsoft/binwalk.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-4510P2HIGHCVSS 7.8PoC≥ 2.2.0, < 2.3.32023-01-26
CVE-2022-4510 [HIGH] CVE-2022-4510: A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem th
ghsanvdosv
CVE-2021-4287P3MEDIUMCVSS 6.5fixed in 2.3.32022-12-27
CVE-2021-4287 [MEDIUM] CWE-61 CVE-2021-4287: A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2.
A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to addr
nvd