How the CVE Works
The vulnerability in OSV-SCALIBR's container image unpacking function (`unpack()`) allows path traversal when processing malicious container images. Attackers exploiting the `--remote-image` CLI flag can write arbitrary files to the host system as the OSV-SCALIBR user. This occurs because file paths are not sufficiently validated during extraction, so directory escape sequences (e.g., `../`) in entry names can be used to overwrite system files. The flaw affects versions 0.1.3 to 0.2.0 and permits unauthorized modifications if untrusted images are processed.
DailyCVE Form
Platform: OSV-SCALIBR
Version: 0.1.3-0.2.0
Vulnerability: Path Traversal
Severity: Moderate
Date: Jun 18, 2025
Prediction: Patch by Jul 2, 2025
What Undercode Say
$ osv-scalibr unpack --remote-image malicious_image.tar
$ grep -r "unpack()" /src/osv-scalibr
$ python3 exploit.py --target host --image payload.tar
How to Exploit
- Craft a container image with `../` sequences in filenames.
- Use `--remote-image` to trigger unpacking.
- Overwrite host files as OSV-SCALIBR user.
Protection from this CVE
- Upgrade to v0.2.1.
- Disable `--remote-image` for untrusted sources.
- Implement path sanitization.
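The path sanitization named above, shown as an added example in Go (the project's own language); this is not OSV-SCALIBR code, and the destination directory, entry names and the in-memory archive are constructed for illustration. Every entry name is resolved under the extraction directory and rejected if the cleaned result escapes it, which is the check a tar unpacker needs before it writes anything.

```go
package main
import (
	"archive/tar"
	"bytes"
	"errors"
	"io"
	"path/filepath"
	"strings"
)
var ErrPathTraversal = errors.New("tar entry escapes destination directory")

// SafeJoin joins name under destDir and rejects results that are not contained
// in destDir; filepath.Join collapses "../" before the containment check.
func SafeJoin(destDir, name string) (string, error) {
	dest := filepath.Clean(destDir)
	target := filepath.Join(dest, name)
	if target != dest && !strings.HasPrefix(target, dest+string(filepath.Separator)) {
		return "", ErrPathTraversal
	}
	return target, nil
}

// ScanArchive returns the names of tar entries that would land outside destDir; nothing is written.
func ScanArchive(r io.Reader, destDir string) ([]string, error) {
	tr := tar.NewReader(r)
	var rejected []string
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return rejected, nil
		}
		if err != nil {
			return nil, err
		}
		if _, err := SafeJoin(destDir, hdr.Name); err != nil {
			rejected = append(rejected, hdr.Name)
		}
	}
}
// BuildSampleTar is constructed test data (not a real image): one benign entry
// and two entries whose names use "../" to escape the extraction directory.
func BuildSampleTar() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, name := range []string{"layer/etc/app.conf", "../../etc/passwd", "layer/../../etc/passwd"} {
		tw.WriteHeader(&tar.Header{Name: name, Mode: 0o644}) // zero-length regular file
	}
	tw.Close()
	return buf.Bytes()
}
```

An unpacker would call SafeJoin for every header before creating the file; symlink and hardlink targets need the same containment check.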
Impact
- Unauthorized host file modification.
- Potential privilege escalation.
- System integrity compromise.
Sources:
Reported By: github.com