HackerOne Disclosed Reports - 2025-10-19


High
resolved
Bug reported by newby, disclosed on October 19, 2025, 9:19 pm   |   Path Traversal

A path traversal vulnerability was discovered in the protodump tool. The vulnerability allowed for arbitrary file writes outside the intended output directory due to insufficient validation of the go_package option extracted from embedded protobuf descriptors. The Filename() function extracted the go_package option without sanitization, enabling an attacker to create a malicious binary with a crafted go_package value containing path traversal sequences. When the user ran protodump on this binary, the tool wrote the extracted proto file to an arbitrary location on the filesystem.
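A hardened way to derive the output path from a go_package value, added here as an example and not protodump's own code: the SafeOutputPath name and the assumption that files land at <outDir>/<import path>.proto are mine, and the sample go_package values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrUnsafePath is returned when a derived output path would escape outDir.
var ErrUnsafePath = errors.New("go_package value escapes the output directory")

// SafeOutputPath derives the on-disk path for an extracted .proto file from a
// go_package option value and confines it to outDir. This is a hypothetical
// hardened counterpart to the unsanitized Filename() the report describes, not
// protodump's own code; it assumes the file is written at <outDir>/<import path>.proto.
func SafeOutputPath(outDir, goPackage string) (string, error) {
	// go_package may carry an explicit package name after ';' ("import/path;name");
	// only the import path part decides where the file goes.
	importPath := strings.TrimSpace(strings.SplitN(goPackage, ";", 2)[0])
	// An import path is never absolute; reject such values before joining.
	if importPath == "" || filepath.IsAbs(importPath) || strings.HasPrefix(importPath, "/") {
		return "", ErrUnsafePath
	}
	base, err := filepath.Abs(outDir)
	if err != nil {
		return "", err
	}
	// filepath.Join cleans the result, so any ".." segments have been applied
	// by the time we ask whether the candidate is still below base.
	candidate := filepath.Join(base, filepath.FromSlash(importPath)+".proto")
	rel, err := filepath.Rel(base, candidate)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafePath
	}
	return candidate, nil
}

func main() {
	// Constructed sample values: one benign go_package and one carrying traversal.
	for _, gp := range []string{"github.com/example/foo;foopb", "../../escaped"} {
		p, err := SafeOutputPath("out", gp)
		fmt.Printf("%-32q -> path=%q err=%v\n", gp, p, err)
	}
}
```

The check is done on the cleaned, absolute candidate rather than on the raw string, so encoded-looking variants such as "pkg/../../x" are caught the same way as a plain "../x".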
