CVE-2023-0591

Name: CVE-2023-0591
Creator: NVD / NIST
Published: 2023-01-31T10:15:10.253+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.5/10EPSS 0.39%

Last modified Jun 17, 2026

CVE-2023-0591 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_node.name) is considered trusted and joined to the extraction directory path during processing, then the node content is written to that joined path. By crafting a malicious UBIFS file with node names holding path traversal payloads (e.g. EPSS estimates a 0.39% chance of exploitation in the next 30 days.

Description

ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_node.name) is considered trusted and joined to the extraction directory path during processing, then the node content is written to that joined path. By crafting a malicious UBIFS file with node names holding path traversal payloads (e.g. ../../tmp/outside.txt), it's possible to force ubi_reader to write outside of the extraction directory. This issue affects ubi-reader before 0.8.5.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS Probability

0.39%

30.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Ubi Reader Project	Ubi Reader	< 0.8.5

References

https://github.com/jrspruitt/ubi_reader/pull/57Patch, Third Party Advisory
https://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk/Exploit, Third Party Advisory
https://github.com/jrspruitt/ubi_reader/pull/57Patch, Third Party Advisory
https://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk/Exploit, Third Party Advisory

Timeline

Published: Jan 31, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-0591?

How severe is CVE-2023-0591?

CVE-2023-0591 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.39% probability of exploitation in the next 30 days.

How do I fix CVE-2023-0591?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-0591?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST