CVE-2017-16544

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.
Code Injection

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 8.8 HIGH | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |

EPSS Score Percentile: 79%

| Vendor | Product | Version |
|---|---|---|
| busybox | busybox | 𝑥 ≤ 1.27.2 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| vmware | esxi | 6.0 |
| vmware | esxi | 6.0 |
| vmware | esxi | 6.0:1 |
| vmware | esxi | 6.0:1a |
| vmware | esxi | 6.0:1b |
| vmware | esxi | 6.0:2 |
| vmware | esxi | 6.0:3 |
| vmware | esxi | 6.0:3a |
| vmware | esxi | 6.0:600-201504401 |
| vmware | esxi | 6.0:600-201505401 |
| vmware | esxi | 6.0:600-201507101 |
| vmware | esxi | 6.0:600-201507102 |
| vmware | esxi | 6.0:600-201507401 |
| vmware | esxi | 6.0:600-201507402 |
| vmware | esxi | 6.0:600-201507403 |
| vmware | esxi | 6.0:600-201507404 |
| vmware | esxi | 6.0:600-201507405 |
| vmware | esxi | 6.0:600-201507406 |
| vmware | esxi | 6.0:600-201507407 |
| vmware | esxi | 6.0:600-201509101 |
| vmware | esxi | 6.0:600-201509102 |
| vmware | esxi | 6.0:600-201509201 |
| vmware | esxi | 6.0:600-201509202 |
| vmware | esxi | 6.0:600-201509203 |
| vmware | esxi | 6.0:600-201509204 |
| vmware | esxi | 6.0:600-201509205 |
| vmware | esxi | 6.0:600-201509206 |
| vmware | esxi | 6.0:600-201509207 |
| vmware | esxi | 6.0:600-201509208 |
| vmware | esxi | 6.0:600-201509209 |
| vmware | esxi | 6.0:600-201509210 |
| vmware | esxi | 6.0:600-201510401 |
| vmware | esxi | 6.0:600-201511401 |
| vmware | esxi | 6.0:600-201601101 |
| vmware | esxi | 6.0:600-201601102 |
| vmware | esxi | 6.0:600-201601401 |
| vmware | esxi | 6.0:600-201601402 |
| vmware | esxi | 6.0:600-201601403 |
| vmware | esxi | 6.0:600-201601404 |
| vmware | esxi | 6.0:600-201601405 |
| vmware | esxi | 6.0:600-201602401 |
| vmware | esxi | 6.0:600-201603101 |
| vmware | esxi | 6.0:600-201603102 |
| vmware | esxi | 6.0:600-201603201 |
| vmware | esxi | 6.0:600-201603202 |
| vmware | esxi | 6.0:600-201603203 |
| vmware | esxi | 6.0:600-201603204 |
| vmware | esxi | 6.0:600-201603205 |
| vmware | esxi | 6.0:600-201603206 |
| vmware | esxi | 6.0:600-201603207 |
| vmware | esxi | 6.0:600-201603208 |
| vmware | esxi | 6.0:600-201605401 |
| vmware | esxi | 6.0:600-201608101 |
| vmware | esxi | 6.0:600-201608401 |
| vmware | esxi | 6.0:600-201608402 |
| vmware | esxi | 6.0:600-201608403 |
| vmware | esxi | 6.0:600-201608404 |
| vmware | esxi | 6.0:600-201608405 |
| vmware | esxi | 6.0:600-201610410 |
| vmware | esxi | 6.0:600-201611401 |
| vmware | esxi | 6.0:600-201611402 |
| vmware | esxi | 6.0:600-201611403 |
| vmware | esxi | 6.0:600-201702101 |
| vmware | esxi | 6.0:600-201702102 |
| vmware | esxi | 6.0:600-201702201 |
| vmware | esxi | 6.0:600-201702202 |
| vmware | esxi | 6.0:600-201702203 |
| vmware | esxi | 6.0:600-201702204 |
| vmware | esxi | 6.0:600-201702205 |
| vmware | esxi | 6.0:600-201702206 |
| vmware | esxi | 6.0:600-201702207 |
| vmware | esxi | 6.0:600-201702208 |
| vmware | esxi | 6.0:600-201702209 |
| vmware | esxi | 6.0:600-201702210 |
| vmware | esxi | 6.0:600-201702211 |
| vmware | esxi | 6.0:600-201702212 |
| vmware | esxi | 6.0:600-201703401 |
| vmware | esxi | 6.0:600-201706101 |
| vmware | esxi | 6.0:600-201706102 |
| vmware | esxi | 6.0:600-201706103 |
| vmware | esxi | 6.0:600-201706401 |
| vmware | esxi | 6.0:600-201706402 |
| vmware | esxi | 6.0:600-201706403 |
| vmware | esxi | 6.0:600-201710301 |
| vmware | esxi | 6.0:600-201811001 |
| vmware | esxi | 6.0:600-201811401 |
| vmware | esxi | 6.0:600-201903001 |
| vmware | esxi | 6.0:600-201905001 |
| vmware | esxi | 6.0:600-201909001 |
| vmware | esxi | 6.5 |
| vmware | esxi | 6.5:650-201701001 |
| vmware | esxi | 6.5:650-201703001 |
| vmware | esxi | 6.5:650-201703002 |
| vmware | esxi | 6.5:650-201704001 |
| vmware | esxi | 6.5:650-201707101 |
| vmware | esxi | 6.5:650-201707102 |
| vmware | esxi | 6.5:650-201707103 |
| vmware | esxi | 6.5:650-201707201 |
| vmware | esxi | 6.5:650-201707202 |
| vmware | esxi | 6.5:650-201707203 |
| vmware | esxi | 6.5:650-201707204 |
| vmware | esxi | 6.5:650-201707205 |
| vmware | esxi | 6.5:650-201707206 |
| vmware | esxi | 6.5:650-201707207 |
| vmware | esxi | 6.5:650-201707208 |
| vmware | esxi | 6.5:650-201707209 |
| vmware | esxi | 6.5:650-201707210 |
| vmware | esxi | 6.5:650-201707211 |
| vmware | esxi | 6.5:650-201707212 |
| vmware | esxi | 6.5:650-201707213 |
| vmware | esxi | 6.5:650-201707214 |
| vmware | esxi | 6.5:650-201707215 |
| vmware | esxi | 6.5:650-201707216 |
| vmware | esxi | 6.5:650-201707217 |
| vmware | esxi | 6.5:650-201707218 |
| vmware | esxi | 6.5:650-201707219 |
| vmware | esxi | 6.5:650-201707220 |
| vmware | esxi | 6.5:650-201707221 |
| vmware | esxi | 6.5:650-201710001 |
| vmware | esxi | 6.5:650-201712001 |
| vmware | esxi | 6.5:650-201803001 |
| vmware | esxi | 6.5:650-201806001 |
| vmware | esxi | 6.5:650-201808001 |
| vmware | esxi | 6.5:650-201810001 |
| vmware | esxi | 6.5:650-201810002 |
| vmware | esxi | 6.5:650-201811001 |
| vmware | esxi | 6.5:650-201811002 |
| vmware | esxi | 6.5:650-201811301 |
| vmware | esxi | 6.5:650-201901001 |
| vmware | esxi | 6.5:650-201903001 |
| vmware | esxi | 6.5:650-201905001 |
| vmware | esxi | 6.7 |
| vmware | esxi | 6.7:670-201806001 |
| vmware | esxi | 6.7:670-201807001 |
| vmware | esxi | 6.7:670-201808001 |
| vmware | esxi | 6.7:670-201810001 |
| vmware | esxi | 6.7:670-201810101 |
| vmware | esxi | 6.7:670-201810102 |
| vmware | esxi | 6.7:670-201810103 |
| vmware | esxi | 6.7:670-201810201 |
| vmware | esxi | 6.7:670-201810202 |
| vmware | esxi | 6.7:670-201810203 |
| vmware | esxi | 6.7:670-201810204 |
| vmware | esxi | 6.7:670-201810205 |
| vmware | esxi | 6.7:670-201810206 |
| vmware | esxi | 6.7:670-201810207 |
| vmware | esxi | 6.7:670-201810208 |
| vmware | esxi | 6.7:670-201810209 |
| vmware | esxi | 6.7:670-201810210 |
| vmware | esxi | 6.7:670-201810211 |
| vmware | esxi | 6.7:670-201810212 |
| vmware | esxi | 6.7:670-201810213 |
| vmware | esxi | 6.7:670-201810214 |
| vmware | esxi | 6.7:670-201810215 |
| vmware | esxi | 6.7:670-201810216 |
| vmware | esxi | 6.7:670-201810217 |
| vmware | esxi | 6.7:670-201810218 |
| vmware | esxi | 6.7:670-201810219 |
| vmware | esxi | 6.7:670-201810220 |
| vmware | esxi | 6.7:670-201810221 |
| vmware | esxi | 6.7:670-201810222 |
| vmware | esxi | 6.7:670-201810223 |
| vmware | esxi | 6.7:670-201810224 |
| vmware | esxi | 6.7:670-201810225 |
| vmware | esxi | 6.7:670-201810226 |
| vmware | esxi | 6.7:670-201810227 |
| vmware | esxi | 6.7:670-201810228 |
| vmware | esxi | 6.7:670-201810229 |
| vmware | esxi | 6.7:670-201810230 |
| vmware | esxi | 6.7:670-201810231 |
| vmware | esxi | 6.7:670-201810232 |
| vmware | esxi | 6.7:670-201810233 |
| vmware | esxi | 6.7:670-201810234 |
| vmware | esxi | 6.7:670-201811001 |
| vmware | esxi | 6.7:670-201901001 |
| vmware | esxi | 6.7:670-201901401 |
| vmware | esxi | 6.7:670-201901402 |
| vmware | esxi | 6.7:670-201901403 |
| vmware | esxi | 6.7:670-201903001 |
| vmware | esxi | 6.7:670-201904001 |
| redlion | n-tron_702-w_firmware | * |
| redlion | n-tron_702m12-w_firmware | * |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |

𝑥 = Vulnerable software versions
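Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| busybox | bullseye | 1:1.30.1-6 | fixed |
| busybox | wheezy | | no-dsa |
| busybox | bookworm | 1:1.35.0-4 | fixed |
| busybox | sid | 1:1.37.0-4 | fixed |
| busybox | trixie | 1:1.37.0-4 | fixed |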
Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| busybox | hirsute | Fixed 1:1.27.2-1ubuntu4 | released |
| busybox | groovy | Fixed 1:1.27.2-1ubuntu4 | released |
| busybox | focal | Fixed 1:1.27.2-1ubuntu4 | released |
| busybox | eoan | Fixed 1:1.27.2-1ubuntu4 | released |
| busybox | disco | Fixed 1:1.27.2-1ubuntu4 | released |
| busybox | cosmic | Fixed 1:1.27.2-1ubuntu4 | released |
| busybox | bionic | Fixed 1:1.27.2-1ubuntu4 | released |
| busybox | artful | | ignored |
| busybox | zesty | | ignored |
| busybox | xenial | Fixed 1:1.22.0-15ubuntu1.4 | released |
| busybox | trusty | Fixed 1:1.21.0-1ubuntu1.4 | released |

References