CVE-2023-0591— UBI Reader 路径遍历漏洞

Path Traversal in ubi_reader

ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_node.name) is considered trusted and joined to the extraction directory path during processing, then the node content is written to that joined path. By crafting a malicious UBIFS file with node names holding path traversal payloads (e.g. ../../tmp/outside.txt), it's possible to force ubi_reader to write outside of the extraction directory. This issue affects ubi-reader before 0.8.5.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

对路径名的限制不恰当(路径遍历)

UBI Reader 路径遍历漏洞

UBI Reader是Jason Pruitt个人开发者的一个 Python 模块和脚本集合。能够提取 UBI 和 UBIFS 图像的内容，并分析这些图像以确定使用 mtd-utils 工具重新创建它们的参数设。 UBI Reader存在安全漏洞。攻击者利用该漏洞可以覆盖提取目录之外的文件。

N/A

N/A