CVE-2021-4287: binwalk vulnerable to UNIX Symbolic Link (Symlink) Following

CVSS Score: 6.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.58658%
Published: 12/27/2022
Updated: 7/18/2023
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Package Name: binwalk
Ecosystem: pip
Vulnerable Versions: < 2.3.3
First Patched Version: 2.3.3

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stemmed from two issues in extractor.py: 1) the extraction callback processed extracted files and directories without sanitizing symlinks (the patch adds this step via symlink_sanitizer); 2) the pre-patch logic of add_pending (line 190 in the diff) queued extracted content for recursive processing without validating symlink targets. The patch added: a) symlink sanitization checks, b) a --preserve-symlinks opt-out, and c) privilege dropping. Before the patch, these functions drove the archive extraction flow with none of the security checks present in patched versions.
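As an added illustration of the sanitization step described above (this is not binwalk's own symlink_sanitizer), the following Python walks an extraction directory and removes every symlink whose resolved target escapes that directory; the directory layout built in demo() is constructed for the example.

```python
import os
import tempfile
from pathlib import Path


def sanitize_symlinks(extract_dir: str) -> list:
    """Remove every symlink under extract_dir whose target resolves outside it.

    Illustrates the check the patch introduced; this is an added example,
    not binwalk's symlink_sanitizer. Returns the paths that were removed.
    """
    root = Path(extract_dir).resolve()
    removed = []
    # followlinks=False: never descend into a symlinked directory
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = Path(dirpath) / name
            if not link.is_symlink():
                continue
            # realpath follows the whole link chain and tolerates dangling targets
            target = Path(os.path.realpath(link))
            if target != root and root not in target.parents:
                link.unlink()
                removed.append(str(link))
                if name in dirnames:
                    dirnames.remove(name)  # do not try to walk a removed link
    return removed


def demo() -> dict:
    """Constructed layout: two escaping symlinks and one that stays inside."""
    outside = Path(tempfile.mkdtemp(prefix="outside-"))
    extract = Path(tempfile.mkdtemp(prefix="extract-"))
    secret = outside / "secret.txt"
    secret.write_text("must not become reachable through the extraction dir\n")
    (extract / "readme").write_text("inside\n")
    os.symlink(str(secret), extract / "escape_abs")                       # absolute target
    os.symlink(os.path.relpath(secret, extract), extract / "escape_rel")  # ../ traversal
    os.symlink("readme", extract / "alias")                               # legitimate, inside
    removed = sanitize_symlinks(str(extract))
    return {
        "removed": sorted(Path(p).name for p in removed),
        "kept": sorted(p.name for p in extract.iterdir()),
    }


if __name__ == "__main__":
    print(demo())  # {'removed': ['escape_abs', 'escape_rel'], 'kept': ['alias', 'readme']}
```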
