Submission #802228: OSPG binwalk (Python version) <= 2.4.3 Path Traversal Info

Title: OSPG binwalk (Python version) <= 2.4.3 Path Traversal
Description: A path traversal vulnerability exists in the binwalk WinCE ROM extraction plugin (winceextract.py) that allows arbitrary file write when extracting crafted WinCE ROM firmware images. This can be escalated to Remote Code Execution (RCE) by planting a malicious binwalk plugin that executes on subsequent binwalk runs.

Note: The affected repository (https://github.com/OSPG/binwalk) has been officially archived by its maintainers as of November 2024, with a public statement that this version will receive no further updates as development has shifted to the Rust-based binwalk v3. Due to the archived status, GitHub does not allow opening issues, pull requests, or security advisories on the repository. No security policy (SECURITY.md) or dedicated security contact exists for the Python version.

Despite this, I made a good-faith effort to notify the maintainer by sending a detailed vulnerability report via email to the repository owner's publicly listed address ([email protected]) on 10-04-2026. Screenshots of this notification are attached in the advisory/exploit url. I am proceeding with public disclosure and CVE assignment because:
(1) the repository is archived with no mechanism to report security issues;
(2) the maintainers have explicitly stated no patches will be released for this version;
(3) the same disclosure approach was followed by the original CVE-2022-4510 researcher, who noted "I did not find any security/coordinated disclosure policy or contact info" and reported publicly;
(4) despite being unmaintained, binwalk v2.4.3 (Python) remains the default binwalk command pre-installed on every Kali Linux installation and is actively used by hundreds of thousands of security professionals, CTF participants, and automated firmware analysis pipelines worldwide.

Users are advised to migrate to binwalk v3.x (Rust rewrite), which is not affected by this vulnerability due to its centralized Chroot path sanitization architecture.
Source ⚠️ https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/binwalk_path_traversal.md
User: dhabaleshwar (UID 58737)
Submitted: 2026-04-10 17:55 (17 days ago)
Moderated: 2026-04-27 10:31 (17 days later)
Status: Accepted
VulDB Entry: 359781 [OSPG binwalk up to 2.4.3 WinCE Extraction Plugin winceextract.py read_null_terminated_string self.file_name path traversal]
Points: 20
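As an added defensive illustration (not binwalk's own code and not the plugin's actual logic), the check below shows how an extraction plugin can confine file names read from a firmware image to its output directory, the confinement the description attributes to binwalk v3; the entry table, function names and output path are constructed for the example.

```python
from pathlib import Path, PurePosixPath

# Constructed sample of NUL-terminated names as a WinCE-style ROM table might
# carry them; the traversal entries exist only so the check has something to
# reject. Not taken from any real image.
SAMPLE_ENTRIES = [
    b"Windows\\nk.exe\x00",
    b"..\\..\\..\\etc\\cron.d\\job\x00",
    b"/etc/passwd\x00",
    b"Windows/../../payload.py\x00",
]


def read_null_terminated_string(data, offset, max_len=260):
    """Read a NUL-terminated name at offset; bound the scan so a missing
    terminator cannot make the parser walk the whole image."""
    end = data.find(b"\x00", offset, offset + max_len)
    if end == -1:
        raise ValueError("unterminated file name")
    return data[offset:end].decode("latin-1")


def confine_path(output_dir, file_name):
    """Return the absolute target for file_name under output_dir, or raise
    ValueError if the name is absolute, empty, contains '..', or resolves
    (after following symlinks) outside output_dir."""
    base = Path(output_dir).resolve()
    rel = PurePosixPath(file_name.replace("\\", "/"))  # WinCE names use backslashes
    if rel.is_absolute() or not rel.parts or ".." in rel.parts:
        raise ValueError("rejected path components in %r" % file_name)
    target = (base / rel).resolve()
    if base not in target.parents:
        raise ValueError("escapes output directory: %r" % file_name)
    return target


def plan_extraction(output_dir, entries):
    """Parse each raw entry and split it into accepted (relative to
    output_dir) and rejected names without writing anything to disk."""
    base = Path(output_dir).resolve()
    accepted, rejected = [], []
    for raw in entries:
        name = read_null_terminated_string(raw, 0)
        try:
            accepted.append(str(confine_path(output_dir, name).relative_to(base)))
        except ValueError:
            rejected.append(name)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = plan_extraction("/tmp/binwalk-out", SAMPLE_ENTRIES)
    print("accepted:", ok)
    print("rejected:", bad)
```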
