CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.001 Low
Percentile: 22.9%
A flaw was found in the cpio command of the BusyBox tool that may allow attackers to perform a directory traversal. If untrusted archives are extracted, files can be written outside of the destination directory, or existing files can be overwritten, including configuration in the form of shell scripts such as ~/.bashrc and files that enable remote login such as ~/.ssh/authorized_keys.
Change the default behavior to ignore relative file names with a ../ pattern within the cpio archive. To process files with a directory traversal pattern, a command line flag could be introduced, as done in GNU cpio.
Users can specify on the BusyBox cpio command line which file name should be unpacked, which should be safe as long as no directory traversal is included in that file name argument.
Users may also consider using another cpio implementation, or may ensure that archive files are trusted.
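
A pre-extraction check in the spirit of the mitigations above, as an added example (not BusyBox or GNU cpio code): it parses a newc-format archive, which is an assumption about the archive type, and lists member names that are absolute or contain a `..` component, so the archive can be rejected before cpio is run. The function names and the sample archive are constructed for illustration; flagging absolute names goes slightly beyond the ../ case the advisory describes.

```python
HDR_LEN = 110  # newc header: 6-byte magic + 13 fields of 8 hex digits

def _pad4(n):
    return (n + 3) & ~3  # names and data are padded to 4-byte boundaries

def iter_entries(data):
    """Yield (name, filesize) for each member of a newc-format cpio archive."""
    off = 0
    while True:
        hdr = data[off:off + HDR_LEN]
        if len(hdr) < HDR_LEN or hdr[:6] not in (b"070701", b"070702"):
            raise ValueError(f"truncated or non-newc header at offset {off}")
        fields = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        start = off + HDR_LEN
        name = data[start:start + namesize].rstrip(b"\0").decode("utf-8", "replace")
        if name == "TRAILER!!!":  # end-of-archive marker
            return
        yield name, filesize
        off = _pad4(_pad4(start + namesize) + filesize)

def unsafe_entries(data):
    """Return member names that are absolute or contain a '..' component."""
    return [name for name, _ in iter_entries(data)
            if name.startswith("/") or ".." in name.split("/")]

def make_entry(name, content=b"", mode=0o100644):
    """Build one newc member (helper for the constructed sample only)."""
    nm = name.encode() + b"\0"
    fields = [0, mode, 0, 0, 1, 0, len(content), 0, 0, 0, 0, len(nm), 0]
    out = b"070701" + b"".join(b"%08X" % f for f in fields) + nm
    out += b"\0" * (_pad4(len(out)) - len(out))
    out += content
    return out + b"\0" * (_pad4(len(out)) - len(out))

# Constructed sample archive: one ordinary member, one traversal member.
SAMPLE = (make_entry("etc/motd", b"hello\n")
          + make_entry("../../outside.txt", b"constructed\n")
          + make_entry("TRAILER!!!", mode=0))

if __name__ == "__main__":
    bad = unsafe_entries(SAMPLE)
    print("refuse to extract:" if bad else "no traversal names found", bad)
```

The check inspects member names only; an archive that fails to parse raises `ValueError` and should be treated as untrusted as well.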