Wind River Support Network


LIN5-24001 : Security Advisory - busybox - CVE-2017-16544

Created: Nov 30, 2017    Updated: May 29, 2018
Resolved Date: Dec 6, 2017
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace


In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

Other Downloads

Live chat