Quentin Kaiser
Quentin Kaiser
I've seen a few reports of people wanting to give unblob a try on AARCH64 targets (mostly Apple M1 or M2) but couldn't because our Docker images are only built...
We should check the extracted file size during chunk parsing to avoid filling up the disk when extracting malicious nested archives. Samples can be found here: https://www.bamsoftware.com/hacks/zipbomb/ For zip bombs,...
Fixed path traversal in python's builtin tarfile module and added a privilege check when tarfile attempts to create device files. This fixes #456 and #459 Brought to you by the...
Yet another episode in our quest to find a proper TAR extractor that does not get in the f* way. I had a quick chat with someone at Hexacon who...
Python3 builtin tar extractor does not pay attention to the current privilege level and will try to create device files even if we don't have elevated privileges: ``` 2022-10-03 07:44.28...
When recursively dumping the content of an ext2 filesystem where extended attribute value conflicts with key using `rdump / /tmp/out`, debugfs get's in an endless loop. This is due to...
### Description I've been playing with Joern recently to identify format string vulnerabilities in C code using data flow tracking with `reachableByFlows`: ```scala val sink = cpg.call.name("fprintf").argument.order(2) val src =...
### Description [unblob](https://unblob.org) is an accurate, fast, and easy-to-use extraction suite. It parses unknown binary blobs for more than 30 different archive, compression, and file-system formats, extracts their content recursively,...
Early draft to take care of archives and filesystems holding duplicate entries. We need to decide on a strategy when that happens: - overwrite the previous entry with the new...
We were initially extracting extfs filesystems with `7z` but the support was not extensive enough so we moved to `debugfs`. Since then we had to fight with multiple bugs in...