CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-0593

A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.5%

CVSS Severity

CVSS v3 Score 5.5

References

https://github.com/devttys0/yaffshiv/pull/3/files
https://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk/
https://github.com/devttys0/yaffshiv/pull/3/files
https://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk/

Products affected by CVE-2023-0593

Yaffshiv Project » Yaffshiv » Version: N/A

cpe:2.3:a:yaffshiv_project:yaffshiv:-
Yaffshiv Project » Yaffshiv » Version: 0.1

cpe:2.3:a:yaffshiv_project:yaffshiv:0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-0593

Products

Pricing

Contact Us