漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Busybox: busybox: arbitrary file overwrite and potential code execution via incomplete path sanitization
Vulnerability Description
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentially enabling code execution through the modification of sensitive system files.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
BusyBox 安全漏洞
Vulnerability Description
BusyBox是乌克兰Denis Vlasenko个人开发者的一套包含了多个linux命令和工具的应用程序。 BusyBox存在安全漏洞,该漏洞源于其归档提取工具路径清理不完整,可能导致提取恶意归档时任意文件覆盖,进而可能执行代码。
CVSS Information
N/A
Vulnerability Type
N/A