VDB
DEBIAN-CVE-2017-16544
DEBIAN-CVE-2017-16544
PUBLISHED
CVSS 8.800000190734863 HIGH
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.
Risk Scores
CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | busybox | 0, 0, 0 |
| Debian:12 | busybox | 0, 0, 0 |
| Debian:13 | busybox | 0, 0, 0 |
| Debian:11 | busybox | 0, 0, 0 |
Timeline
- Nov 20, 2017 CVE Published
- Apr 28, 2026 CVE Updated