CVE-2023-0593
MEDIUM
yaffshiv <= 0.1 - Path Traversal via Malicious YAFFS File
Title source: llm
Description
A path traversal vulnerability affects the yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to and including version 0.1, which is the most recent version at the time of publication.
References (2)
Core References
Patch, Third Party Advisory
https://github.com/devttys0/yaffshiv/pull/3/files
Exploit, Third Party Advisory
https://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk/
Scores
CVSS v3: 5.5
EPSS: 0.0035
EPSS Percentile: 27.3%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-22
Status: published
Products (1)
yaffshiv_project/yaffshiv: < 0.1
Published: Jan 31, 2023
Tracked Since: Feb 18, 2026