CVE-2018-1000500

HIGH8.1EPSS 0.41%

發布日:2018/6/26修改日:2025/12/3

也稱為:ALPINE-CVE-2018-1000500DEBIAN-CVE-2018-1000500

描述

Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file".

受影響套件(2)

Alpine/busyboxfrom 0, < 1.28.3-r2
Debian/busyboxfrom 0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2018-1000500
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-1000500