PT-2024-40332 · Jadx · Jadx
Published 2024-04-22 · Updated 2024-04-22
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
jadx (affected versions not specified)
Description
The issue arises when jadx parses a resource file and stems from an escaping problem in the handling of style files. It can lead to other files in the directory being overwritten when the decompiled result is saved. The problem is exploited by changing a malicious file's type from raw to style, which tricks jadx into overwriting files. The estimated number of potentially affected devices is not provided, and there is no information about real-world incidents in which this issue was exploited.
Technical details about exploitation include:
- Modifying the type of a file to style to exploit the escape problem.
- Using a malicious file to overwrite other files in the directory.
- The `getResAlias` function is mentioned as processing the filename, but for the style type it returns the original filename directly.
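The following is an added example, not jadx's own code, of a type-independent containment check that closes the gap described above: the output path is resolved and must stay under the export directory even when per-type name cleanup is skipped. The class and method names, the `.xml` suffix, the directory layout and the sample entries are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;

public class SafeResourcePath {
    // Hypothetical stand-in for per-type name cleanup. As the advisory describes,
    // the "style" type gets its original name back unchanged.
    static String aliasFor(String type, String name) {
        if ("style".equals(type)) {
            return name; // no escaping applied for this type
        }
        return name.replaceAll("[^A-Za-z0-9_.-]", "_").replace("..", "_");
    }

    // Guard applied to every type: resolve the target lexically and require
    // that it remains inside <outDir>/<type>. Path.startsWith compares whole
    // path elements, so "res/style2" does not count as inside "res/style".
    static Path resolveInside(Path outDir, String type, String name) throws IOException {
        Path typeDir = outDir.toAbsolutePath().normalize().resolve(type);
        Path target = typeDir.resolve(aliasFor(type, name) + ".xml").normalize();
        if (!target.startsWith(typeDir)) {
            throw new IOException("resource name escapes output directory: " + name);
        }
        return target;
    }

    public static void main(String[] args) {
        Path out = Paths.get("decompiled", "res");
        // Constructed sample entries (type, name); not taken from a real APK.
        String[][] entries = {
            {"raw", "../../notes"},   // cleaned by aliasFor, stays inside
            {"style", "AppTheme"},    // ordinary style name, stays inside
            {"style", "../../notes"}, // cleanup skipped, caught by the guard
        };
        for (String[] e : entries) {
            try {
                System.out.println(e[0] + "/" + e[1] + " -> " + resolveInside(out, e[0], e[1]));
            } catch (IOException ex) {
                System.out.println(e[0] + "/" + e[1] + " -> rejected: " + ex.getMessage());
            }
        }
    }
}
```

`normalize()` is purely lexical; if the export directory can contain symbolic links, compare against `toRealPath()` of the parent directory before writing.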
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Jadx