CVE-2023-0592
CVSS V2 None
CVSS V3 None
Description
A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory.This issue affects jefferson: before 0.4.1.
Overview
- CVE ID
- CVE-2023-0592
- Assigner
- research@onekey.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-01-31T10:15:10
- Last Modified Date
- 2023-02-08T16:34:42
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:jefferson_project:jefferson:*:*:*:*:*:*:*:* | 1 | OR | 0.4.1 |
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/sviehb/jefferson/commit/971aca1a8b3b9f4fcb4674fa9621d3349195cdc6 | Patch Third Party Advisory |
| https://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk/ | Exploit Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-0592 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0592 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 06:59:43 | Added to TrackCVE | |||
| 2023-04-17 06:59:46 | Weakness Enumeration | new |