CVE-2025-46394

Опубликовано: 23 апр. 2025

Источник: debian

EPSS Низкий

Описание

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.

Пакет	Статус	Релиз	Тип
busybox	unfixed		package
busybox	postponed	trixie	package
busybox	postponed	bookworm	package
busybox	postponed	bullseye	package

https://bugs.busybox.net/show_bug.cgi?id=16018
https://www.openwall.com/lists/oss-security/2025/04/23/1
Proposed patch: https://lists.busybox.net/pipermail/busybox/2025-April/091461.html

EPSS

Процентиль: 2%

0.00015

Низкий

CVE-2025-46394

CVSS3: 3.2

ubuntu

7 месяцев назад

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.

CVE-2025-46394

CVSS3: 3.2

nvd

7 месяцев назад

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.

CVE-2025-46394

msrc

2 месяца назад

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.

GHSA-wp4q-9jq4-gv74

CVSS3: 3.2

github

7 месяцев назад

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.

EPSS

Процентиль: 2%

0.00015

Низкий