Vulnerability & Exploit Database

Back to search

Alpine Linux: CVE-2017-16544: busybox Multiple vulnerabilities

Severity CVSS Published Added Modified
7 (AV:N/AC:L/Au:S/C:P/I:P/A:P) November 20, 2017 November 24, 2017 December 11, 2017

Description

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

alpine-linux-upgrade-busybox

Related Vulnerabilities