Magic Wormhole Arbitrary File Overwrite Vulnerability

Vulnerability

A vulnerability in Magic Wormhole versions 0.21.0 up to, but not including, 0.23.0 allows a malicious sender to overwrite arbitrary local files on the receiving machine. This can lead to compromise of the receiver's computer by overwriting critical files such as ~/.ssh/authorized_keys and .bashrc. The vulnerability arises because the receiver's file handling does not properly validate incoming filenames; the flaw was introduced in version 0.21.0 and has been corrected in version 0.23.0.

Impact

Exploiting this vulnerability can lead to unauthorized modifications of important local files, potentially allowing for further compromise of the user's system.

Remediation

Users are advised to upgrade to Magic Wormhole version 0.23.0, where this vulnerability has been fixed. As an alternative, the receiver can use the --output or -o option with the 'wormhole receive' command to specify a different filename, thereby avoiding the overwrite.
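For implementers, the receiver-side check that closes this class of bug, as an added Python example (not magic-wormhole's own code; safe_destination, demo and the sample names are constructed here): a sender-supplied name is treated as a bare label, never as a path, and an existing file is never silently overwritten.

```python
import os
import tempfile
from pathlib import Path


def safe_destination(dest_dir, offered_name, allow_overwrite=False):
    """Return the Path to write a received file to, or raise if the
    sender-supplied name is unsafe to use verbatim inside dest_dir."""
    base = Path(dest_dir).resolve()
    if not offered_name or offered_name in (".", ".."):
        raise ValueError("empty or directory-only name")
    # A filename is a label: any separator or NUL means it is really a path.
    if any(ch in offered_name for ch in "/\\\0"):
        raise ValueError("path separators are not allowed in a filename")
    candidate = base / offered_name
    # lexists() also catches a dangling symlink sitting in the directory,
    # so a pre-existing entry is never overwritten unless explicitly allowed.
    if os.path.lexists(candidate) and not allow_overwrite:
        raise FileExistsError(f"{offered_name} exists; refusing to overwrite")
    # Defense in depth: after symlink resolution the target must still be
    # directly inside dest_dir, not somewhere a symlink points to.
    if candidate.resolve().parent != base:
        raise ValueError("resolved target escapes the destination directory")
    return candidate


def demo():
    """Constructed run: a scratch directory holding one pre-existing file,
    probed with sender-supplied names; returns name -> outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "notes.txt").write_text("keep me")
        probes = ("report.pdf", "../.ssh/authorized_keys", "..",
                  "notes.txt", "sub\\x.txt")
        for name in probes:
            try:
                safe_destination(d, name)
                results[name] = "accepted"
            except (ValueError, FileExistsError) as exc:
                results[name] = type(exc).__name__
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r}: {outcome}")
```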

Added: Mar 12, 2026, 6:21 PM
Updated: Mar 12, 2026, 6:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.2
remediation: 0.0
relevance: 4.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.