What is CVE-2024-21633?

CVE-2024-21633 is a high-severity vulnerability in Ibotpeaches Apktool, classified under Path Traversal. CVSS score: 7.8/10. Published 2024-01-03.

How severe is CVE-2024-21633?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2024-21633 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Ibotpeaches Apktool

CVE-2024-21633

Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.805 (99.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Ibotpeaches Apktool — versions <= 2.9.1

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w (x_refsource_CONFIRM)
https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-21633?: CVE-2024-21633 is a high-severity vulnerability in Ibotpeaches Apktool, classified under Path Traversal. CVSS score: 7.8/10. Published 2024-01-03.
How severe is CVE-2024-21633?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2024-21633 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.