
Cloud Vulnerability DB
A community-led vulnerabilities database
Mobile Security Framework (MobSF), a pen-testing and malware analysis tool, was found to contain a critical vulnerability (CVE-2024-43399) with a CVSS score of 9.8. The vulnerability affects all versions up to and including 4.0.6 and was discovered in the Static Libraries analysis section, specifically in the handling of .a extension files (NVD, SecurityOnline).
The vulnerability stems from an improperly implemented mitigation technique designed to prevent Zip Slip attacks in the Static Analyzer's handling of .a extension files. The flaw is located in the mobsf/StaticAnalyzer/views/common/shared_func.py file, where the replace operation intended to neutralize dangerous file paths can be bypassed with specially crafted sequences such as ....//....//....//.. (removing ../ once from each ....// segment leaves a ../ behind). This bypass allows an attacker to escalate the file path to higher directory levels (SecurityOnline, GitHub Advisory).
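As an added illustration (not MobSF's own code), the following shows why a single-pass replace of ../ fails as a Zip Slip guard and how a containment check on the resolved destination closes the gap; the extraction directory and archive member names are constructed.

```python
from pathlib import Path

# Added illustration, not MobSF's own code. The advisory describes a Zip Slip
# guard that strips "../" with a string replace; because replace is single-pass,
# a doubled sequence like "....//" collapses into "../" *after* the guard ran.
# The hardened variant checks the resolved destination instead of rewriting names.


def weak_neutralize(member_name: str) -> str:
    """The flawed pattern: remove '../' once. '....//' becomes '../'."""
    return member_name.replace("../", "")


def weak_destination(extract_dir: str, member_name: str) -> Path:
    """Where a replace-based guard would write the member (no containment check)."""
    return (Path(extract_dir) / weak_neutralize(member_name)).resolve()


def is_inside(base: Path, candidate: Path) -> bool:
    """True if candidate lies at or below base (both already resolved)."""
    try:
        candidate.relative_to(base)
    except ValueError:
        return False
    return True


def safe_destination(extract_dir: str, member_name: str) -> Path:
    """Hardened: resolve the path that will actually be written and refuse
    anything outside extract_dir (absolute names, '..', symlink escapes)."""
    base = Path(extract_dir).resolve()
    candidate = (base / member_name).resolve()
    if not is_inside(base, candidate):
        raise ValueError(f"archive member escapes extraction dir: {member_name!r}")
    return candidate


def audit(extract_dir: str, member_names: list[str]) -> dict[str, bool]:
    """For each constructed member name, True if the replace-based guard would
    have written outside extract_dir, i.e. the guard was bypassed."""
    base = Path(extract_dir).resolve()
    return {n: not is_inside(base, weak_destination(extract_dir, n)) for n in member_names}


if __name__ == "__main__":
    # Constructed sample member names: a normal one, a plain traversal the
    # weak guard does catch, and the doubled sequence it turns into one.
    names = ["lib/libfoo.o", "../../outside.txt", "....//....//....//outside.txt"]
    print(audit("/tmp/mobsf_extract", names))
```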
The vulnerability allows attackers to extract files to any location on the server running MobSF. This could lead to total system compromise through the ability to overwrite critical files. A proof of concept demonstrated the ability to overwrite the MobSF database located at /home/mobsf/.MobSF/db.sqlite3, rendering the platform unusable. More malicious actions, including achieving Remote Code Execution (RCE) by overwriting essential binaries or the /etc/passwd file, are possible (SecurityOnline).
The vulnerability has been patched in MobSF version 4.0.7. Users of affected versions (4.0.6 and earlier) are strongly urged to update to the latest version immediately (ASEC, NVD).
Source: This report was generated using AI