CVE-2018-1000517

Description

BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.

How to fix CVE-2018-1000517

To remediate CVE-2018-1000517, upgrade the affected package to a fixed version below.

—upgrade to 1:1.27.2-3 or later

Is CVE-2018-1000517 being exploited?

Moderate — EPSS is 16.1%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

from 0, < 1:1.27.2-3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2018-1000517