CVE-2022-4572

Published: Dic 17, 2022 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2022-0347 Aliases: PYSEC-2022-43016
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,4
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: low

Description

AI Translation Available

A vulnerability, which was classified as problematic, has been found in UBI Reader up to 0.8.0. Affected by this issue is the function ubireader_extract_files of the file ubireader/ubifs/output.py of the component UBIFS File Handler. The manipulation leads to path traversal. The attack may be launched remotely. Upgrading to version 0.8.5 is able to address this issue. The name of the patch is d5d68e6b1b9f7070c29df5f67fc060f579ae9139. It is recommended to upgrade the affected component. VDB-216146 is the identifier assigned to this vulnerability.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0058
Percentile
0,7th
Updated

EPSS Score Trend (Last 90 Days)

22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Execute Unauthorized Code Or Commands Modify Files Or Directories Read Files Or Directories Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies: AI/ML
Likelihood of Exploit: High
View CWE Details
Application

Ubi Reader by Ubi Reader Project

Product Information
Vendor Ubi Reader Project
Product Ubi Reader
Version Range Affected
To 0.8.0 (inclusive)
cpe:2.3:a:ubi_reader_project:ubi_reader:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/jrspruitt/ubi_reader/commit/d5d68e6b1b9f…
Patch Third Party Advisory
https://github.com/jrspruitt/ubi_reader/commit/d5d68e6b1b9f7070c29df5f67fc060f5…
https://github.com/jrspruitt/ubi_reader/pull/57
Issue Tracking Patch Third Party Advisory
https://github.com/jrspruitt/ubi_reader/pull/57
https://github.com/jrspruitt/ubi_reader/releases/tag/v0.8.5…
Release Notes Third Party Advisory
https://github.com/jrspruitt/ubi_reader/releases/tag/v0.8.5-master
https://vuldb.com/?id.216146
Third Party Advisory
https://vuldb.com/?id.216146
https://github.com/jrspruitt/ubi_reader/commit/d5d68e6b1b9f…
Patch Third Party Advisory
https://github.com/jrspruitt/ubi_reader/commit/d5d68e6b1b9f7070c29df5f67fc060f5…
https://github.com/jrspruitt/ubi_reader/pull/57
Issue Tracking Patch Third Party Advisory
https://github.com/jrspruitt/ubi_reader/pull/57
https://github.com/jrspruitt/ubi_reader/releases/tag/v0.8.5…
Release Notes Third Party Advisory
https://github.com/jrspruitt/ubi_reader/releases/tag/v0.8.5-master
https://vuldb.com/?id.216146
Third Party Advisory
https://vuldb.com/?id.216146