CVE-2023-38346

{"id": "CVE-2023-38346", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-09-22T19:15:09.593", "references": [{"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://support2.windriver.com/index.php?page=security-notices", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-38346", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support2.windriver.com/index.php?page=security-notices", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the \"tarExtract\" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Wind River VxWorks 6.9 y 7. La funci\u00f3n ``tarExtract`` implementa la extracci\u00f3n de archivos TAR y, por lo tanto, tambi\u00e9n procesa archivos dentro de un archivo que tienen rutas de archivo relativas o absolutas. Un desarrollador que utilice la funci\u00f3n \"tarExtract\" puede esperar que la funci\u00f3n elimine las barras diagonales iniciales de las rutas absolutas o detenga el procesamiento cuando encuentre rutas relativas que est\u00e9n fuera de la ruta de extracci\u00f3n, a menos que se fuerce lo contrario. Esto podr\u00eda dar lugar a un comportamiento inesperado y no documentado, que en general podr\u00eda dar lugar a un Directory Traversal y un comportamiento inesperado asociado."}], "lastModified": "2024-11-21T08:13:22.843", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:windriver:vxworks:6.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01004955-97D1-4F7E-80D4-4B1509945FBF"}, {"criteria": "cpe:2.3:o:windriver:vxworks:7.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3497F9B-A721-4289-A49F-A19D0F7F0148"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}