Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BusyBox 代码注入漏洞
Vulnerability Description
BusyBox是乌克兰软件开发者Denis Vlasenko所负责维护的一套包含了多个linux命令和工具的应用程序。 BusyBox 1.27.2及之前的版本中的libbb/lineedit.c文件的‘add_match’函数存在安全漏洞,该漏洞源于程序没有过滤文件名。攻击者可利用该漏洞执行代码或写入任意文件。
CVSS Information
N/A
Vulnerability Type
N/A