binwalk@2.1.0 vulnerabilities

Firmware analysis tool

Direct Vulnerabilities

Known vulnerabilities in the binwalk package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Directory Traversal

binwalk is a firmware analysis tool.

Affected versions of this package are vulnerable to Directory Traversal in the extractor() function in plugins/unpfs.py, which allows an attacker to extract files at arbitrary locations when binwalk is run in extraction mode (with the -e option). Remote code execution can be achieved by building a PFS filesystem that extracts a malicious binwalk module into the folder .config/binwalk/plugins.

How to fix Directory Traversal?

A fix was pushed into the master branch but not yet published.

Vulnerable Version: [0,)
  • M
Directory Traversal

binwalk is a firmware analysis tool.

Affected versions of this package are vulnerable to Directory Traversal due to lack of symlink sanitization in the Extractor class in modules/extractor.py.

How to fix Directory Traversal?

A fix was pushed into the master branch but not yet published.

Vulnerable Version: [0,)
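Both entries above come down to an extractor writing to a path it never checked against the extraction directory. The following is an added example, not binwalk's code or its upstream fix: a containment check an extraction wrapper could apply to every member name and symlink target before writing. The function names and sample member names are hypothetical and constructed for illustration.

```python
import os
import tempfile


def resolve_inside(root, member_name):
    """Return the real path for member_name under root; raise ValueError if it escapes."""
    root_real = os.path.realpath(root)
    # realpath collapses ".." and follows symlinks already present on disk,
    # so traversal names and previously planted links fail the same comparison.
    candidate = os.path.realpath(os.path.join(root_real, member_name))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError("member escapes extraction root: %r" % member_name)
    return candidate


def symlink_stays_inside(root, link_name, target):
    """True if a symlink link_name -> target would resolve inside root."""
    root_real = os.path.realpath(root)
    link_dir = os.path.dirname(os.path.join(root_real, link_name))
    resolved = os.path.realpath(os.path.join(link_dir, target))
    return os.path.commonpath([root_real, resolved]) == root_real


def audit_members(names):
    """Check constructed member names against a temp root holding one escaping symlink."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "extracted")
        outside = os.path.join(tmp, "outside")
        os.makedirs(os.path.join(root, "sub"))
        os.makedirs(outside)
        # Constructed hostile state: a link inside the root that points out of it.
        os.symlink(outside, os.path.join(root, "sub", "link"))
        for name in names:
            try:
                resolve_inside(root, name)
                results[name] = True
            except ValueError:
                results[name] = False
        results["link:inside"] = symlink_stays_inside(root, "sub/ok", "../file")
        results["link:outside"] = symlink_stays_inside(root, "sub/bad", "../../outside")
    return results


# Constructed member names, not taken from any real firmware image.
SAMPLE_NAMES = ["etc/passwd", "../../.config/binwalk/plugins/constructed.py",
                "/abs/path", "sub/link/file"]

if __name__ == "__main__":
    for name, ok in audit_members(SAMPLE_NAMES).items():
        print("%-46s %s" % (name, "allowed" if ok else "rejected"))
```

The check must run at write time for each member, because a symlink created by an earlier member changes how later names resolve.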