Nixpkgs security tracker

Untriaged

Permalink CVE-2023-0593

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): HIGH
Availability impact (A): NONE

created 1 year ago

Path traversal in yaffshiv

A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication.

References

https://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk/ x_transferred
https://github.com/devttys0/yaffshiv/pull/3/files x_transferred

Affected products

yaffshiv

=<0.1

Matching in nixpkgs

pkgs.yaffshiv

Simple YAFFS file system parser and extractor

nixos-unstable 0-unstable-2024-08-30
- nixpkgs-unstable 0-unstable-2024-08-30
- nixos-unstable-small 0-unstable-2024-08-30

Package maintainers

@stigtsp Stig Palmquist <stig@stig.io>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.yaffshiv

Package maintainers