Hi, On Wed, Apr 23, 2025 at 02:11:44PM +0000, Ian Norton wrote: > > https://bugs.busybox.net/show_bug.cgi?id=16018 (awaiting CVE) > > Busybox's cpio and tar tools will print un-escaped filenames when listing and > unpacking > cpio and tar files. Malicious files containing filenames with terminal > escapes can be used > to mask or modify earlier or later files in the archive from anyone running > busybox tar or cpio > from a terminal.
FTR, this one has assigned CVE-2025-46394 . Regards, Salvatore
