CVE-2023-0591

Name of the Vulnerable Software and Affected Versions ubi-reader versions prior to 0.8.5

Description The issue is related to path traversal when running against specifically crafted UBIFS files, allowing an attacker to overwrite files outside of the extraction directory if the process has write access. This occurs because a node name (dent node.name) is considered trusted and joined to the extraction directory path during processing, and then the node content is written to that joined path. By crafting a malicious UBIFS file with node names holding path traversal payloads (e.g., ../../tmp/outside.txt), it's possible to force the software to write outside of the extraction directory.

Recommendations For versions prior to 0.8.5, update to version 0.8.5 or later to resolve the issue. As a temporary workaround, consider restricting write access to sensitive files and directories to minimize the risk of exploitation. Additionally, be cautious when processing UBIFS files from untrusted sources.