Wind River Support Network


LIN10-2620 : Security Advisory - busybox - CVE-2017-16544

Created: Nov 30, 2017    Updated: Mar 4, 2019
Resolved Date: Dec 10, 2017
Previous ID: LIN9-5911
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Userspace


In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

Other Downloads


Live chat