Skip to main content

UNIX Symbolic Link (Symlink) Following

CVE-2021-4287

Severity Medium
Score 6.5/10

Summary

A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk prior to 2.3.3. Affected is an unknown function of the file "src/binwalk/modules/extractor.py" of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. It is recommended to upgrade the affected component.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • NONE

CWE-61 - UNIX Symbolic Link (Symlink) Following

The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

Advisory Timeline

  • Published