15336 – unzip security issue

Bug 15336 - unzip security issue

Summary: unzip security issue

Status:	NEW

Alias:	None

Product:	Busybox
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	1.35.x
Hardware:	All Linux

Importance:	P5 normal
Target Milestone:	---
Assignee:	unassigned

URL:
Keywords:

Depends on:
Blocks:

Reported:	2023-02-14 10:27 UTC by nimrod.stoler
Modified:	2023-02-14 10:27 UTC (History)
CC List:	1 user (show)

See Also:
Host:
Target:
Build:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description nimrod.stoler 2023-02-14 10:27:05 UTC

Hello,

During our review of an embedded product we discovered that we can escalate our privileges using busybox’s unzip utility.

We kindly like to disclose the specifics to you or to anyone dealing with security on your side.

Format For Printing
- XML
- Clone This Bug
- Top of page