Your submission was sent successfully! Close

CVE-2018-1000500

Published: 26 June 2018

Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file".

Priority

Medium

CVSS 3 base score: 8.1

Status

Package Release Status
busybox
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic
Released (1:1.27.2-2ubuntu3.3)
cosmic Ignored
(reached end-of-life)
disco Ignored
(reached end-of-life)
eoan Ignored
(reached end-of-life)
focal
Released (1:1.30.1-4ubuntu6.2)
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Not vulnerable
(code not present)