CVE-2017-16544

Published: 20 Nov 2017
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 6.5
CVSS3: 8.8

Description

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | released | 1:1.27.2-1ubuntu4 |
| cosmic | released | 1:1.27.2-1ubuntu4 |
| devel | released | 1:1.27.2-1ubuntu4 |
| disco | released | 1:1.27.2-1ubuntu4 |
| eoan | released | 1:1.27.2-1ubuntu4 |
| esm-infra-legacy/trusty | released | 1:1.21.0-1ubuntu1.4 |
| esm-infra/bionic | released | 1:1.27.2-1ubuntu4 |
| esm-infra/focal | released | 1:1.27.2-1ubuntu4 |
| esm-infra/xenial | released | 1:1.22.0-15ubuntu1.4 |

EPSS: 0.01476 (Low), percentile: 80%
CVSS2: 6.5 Medium
CVSS3: 8.8 High

Related vulnerabilities

CVSS3: 4.8
redhat
almost 8 years ago

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

CVSS3: 8.8
nvd
almost 8 years ago

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

CVSS3: 8.8
debian
almost 8 years ago

In the add_match function in libbb/lineedit.c in BusyBox through 1.27. ...

CVSS3: 8.8
github
more than 3 years ago

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

CVSS3: 8.8
fstec
about 8 years ago

A vulnerability in the add_match function of the libbb/lineedit.c component of the BusyBox set of UNIX command-line utilities, related to a flaw in the code generation control mechanism, which allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
