OpenWrt/LEDE Project

  • Status Closed
  • Percent Complete
  • Task Type Bug Report
  • Category Base system
  • Assigned To No-one
  • Operating System All
  • Severity Critical
  • Priority Very Low
  • Reported Version All
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by bugmenot - 20.11.2017
Last edited by Yousong Zhou - 26.01.2018

FS#1181 - CVE-2017-16544: A Busybox autocompletion vulnerability

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.


Closed by  Yousong Zhou
26.01.2018 07:45
Reason for closing:  Fixed
Additional comments about closing:  

The upstream patch is now merged
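
The class of check this report calls for, as an added illustration (not BusyBox's or OpenWrt's own code): before a directory entry is offered as a completion candidate or echoed to the terminal, drop or neutralise any name containing control bytes. The function names and sample filename are constructed for this example, and a UTF-8 terminal is assumed.

```c
#include <stdio.h>

/* UTF-8 encoded C1 control (U+0080..U+009F) is the byte pair 0xC2 0x80..0x9F. */
#define IS_C1(p) ((p)[0] == 0xc2 && (p)[1] >= 0x80 && (p)[1] <= 0x9f)

/* 1 if name holds a C0 control (includes ESC, 0x1b), DEL or a C1 control. */
int name_has_control_chars(const char *name)
{
    const unsigned char *p = (const unsigned char *)name;
    for (; *p; p++)
        if (*p < 0x20 || *p == 0x7f || IS_C1(p))
            return 1;
    return 0;
}

/* Keep only candidates that are safe to print; returns how many were kept. */
size_t filter_matches(const char *const *names, size_t n, const char **kept)
{
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        if (!name_has_control_chars(names[i]))
            kept[k++] = names[i];
    return k;
}

/* Copy name into out with every control replaced by '?'; truncates to fit. */
size_t sanitize_name(const char *name, char *out, size_t outsz)
{
    const unsigned char *p = (const unsigned char *)name;
    size_t n = 0;
    if (outsz == 0) return 0;
    while (*p && n + 1 < outsz) {
        int c1 = IS_C1(p);
        out[n++] = (c1 || *p < 0x20 || *p == 0x7f) ? '?' : (char)*p;
        p += c1 ? 2 : 1;
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    char shown[64];
    /* Constructed sample name embedding ESC [ 2 J (clear screen). */
    sanitize_name("report\033[2Jfinal.txt", shown, sizeof shown);
    puts(shown); /* the ESC byte is shown as '?', so the terminal sees plain text */
    return 0;
}
```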

