UBUNTU-CVE-2026-7179

Source
https://ubuntu.com/security/CVE-2026-7179
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7179.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-7179
Upstream
  • CVE-2026-7179
Published
2026-04-27T23:16:00Z
Modified
2026-05-26T19:29:32.171183222Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
  • Ubuntu - medium
Summary
[none]
Details

A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function readnullterminatedstring of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Manipulation of the argument self.filename leads to path traversal. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project maintainer confirms this issue: "I accept the existence of the Path Traversal vulnerability. However, as stated in the Github link, it reached EOL and as a result no actions should be expected." The GitHub repository mentions that "[u]sers and contributors should migrate to binwalk v3." This vulnerability only affects products that are no longer supported by the maintainer.

Affected packages

Ubuntu:16.04:LTS
binwalk

Package

Name
binwalk
Purl
pkg:deb/ubuntu/binwalk?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*
2.0.1+dfsg-1
2.0.1+dfsg-2
2.0.1+dfsg-3
2.1.1-1
2.1.1-2
2.1.1-3
2.1.1-4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "binwalk",
            "binary_version": "2.1.1-4"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7179.json"

Ubuntu:18.04:LTS
binwalk

Package

Name
binwalk
Purl
pkg:deb/ubuntu/binwalk?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*
2.1.1-16

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "binwalk",
            "binary_version": "2.1.1-16"
        },
        {
            "binary_name": "python3-binwalk",
            "binary_version": "2.1.1-16"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7179.json"

Ubuntu:20.04:LTS
binwalk

Package

Name
binwalk
Purl
pkg:deb/ubuntu/binwalk?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*
2.1.2~git20180830+dfsg1-1
2.2.0+dfsg1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "binwalk",
            "binary_version": "2.2.0+dfsg1-1"
        },
        {
            "binary_name": "python3-binwalk",
            "binary_version": "2.2.0+dfsg1-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7179.json"

Ubuntu:22.04:LTS
binwalk

Package

Name
binwalk
Purl
pkg:deb/ubuntu/binwalk?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*
2.3.2+dfsg1-1
2.3.3+dfsg1-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "binwalk",
            "binary_version": "2.3.3+dfsg1-2"
        },
        {
            "binary_name": "python3-binwalk",
            "binary_version": "2.3.3+dfsg1-2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7179.json"

Ubuntu:24.04:LTS
binwalk

Package

Name
binwalk
Purl
pkg:deb/ubuntu/binwalk?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*
2.3.4+dfsg1-1
2.3.4+dfsg1-2~build1
2.3.4+dfsg1-2
2.3.4+dfsg1-3~build1
2.3.4+dfsg1-3
2.3.4+dfsg1-4
2.3.4+dfsg1-4ubuntu1
2.3.4+dfsg1-5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "binwalk",
            "binary_version": "2.3.4+dfsg1-5"
        },
        {
            "binary_name": "python3-binwalk",
            "binary_version": "2.3.4+dfsg1-5"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7179.json"

Ubuntu:25.10
binwalk

Package

Name
binwalk
Purl
pkg:deb/ubuntu/binwalk?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*
2.4.3+dfsg1-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "binwalk",
            "binary_version": "2.4.3+dfsg1-2"
        },
        {
            "binary_name": "python3-binwalk",
            "binary_version": "2.4.3+dfsg1-2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7179.json"

Ubuntu:26.04:LTS
binwalk

Package

Name
binwalk
Purl
pkg:deb/ubuntu/binwalk?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*
2.4.3+dfsg1-2
2.4.3+dfsg1-2build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "binwalk",
            "binary_version": "2.4.3+dfsg1-2build1"
        },
        {
            "binary_name": "python3-binwalk",
            "binary_version": "2.4.3+dfsg1-2build1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7179.json"