Dear developers, I am new to security research and am exploring how LLMs can be leveraged to detect software vulnerabilities.
The two vulnerabilities described here were initially discovered by an agent and were subsequently *manually verified by me*, confirming that they are technically exploitable. However, I am not fully certain whether they should be considered *real-world vulnerabilities* or merely *toy / theoretical vulnerabilities* with limited practical impact. Detailed technical descriptions, including the discovery process and verification steps, are provided in the accompanying Markdown files. If these turn out to be false positives, I sincerely apologize for any inconvenience this may have caused.

*Issue 1 (symlink-based traversal):* The second issue concerns path traversal during BusyBox tar extraction via pre-existing symlink components in the destination directory. Although archive paths are sanitized, file writes can be redirected outside the extraction root. This behavior is reproducible, but its security relevance is unclear to me.

*Issue 2 (hard link handling):* The first issue involves BusyBox tar extraction of hard link entries, where the hard link target is not sanitized and may reference paths outside the extraction directory. I have reproduced this behavior locally but am unsure whether it should be considered a real security vulnerability or intended behavior.

--
Best wishes,
Zhicheng Chen
Ph.D. student at Texas A&M University
Attachments: path traversal.md, path traversal2.md
busybox mailing list: https://lists.busybox.net/mailman/listinfo/busybox
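A defensive extraction check covering both reported behaviours, added here as an example that is not part of the original post or of BusyBox: every destination path and every hard-link target is resolved with realpath() and compared against the extraction root, so a pre-existing symlink component in the destination tree or an out-of-root link target causes the entry to be skipped rather than followed. The demo() scenario, its file names and the reason strings are constructed for illustration.

```python
import os, tarfile, tempfile

def safe_target(root, relpath):
    # realpath() follows symlinks already present in the destination tree, which is
    # exactly what a name-only sanitizer misses; None means the entry escapes root.
    root_real = os.path.realpath(root)
    dest_real = os.path.realpath(os.path.join(root_real, relpath))
    return dest_real if os.path.commonpath([root_real, dest_real]) == root_real else None

def check_member(root, member):
    # Return "ok", or the reason this entry must be skipped.
    if os.path.isabs(member.name) or safe_target(root, member.name) is None:
        return "path escapes root"
    if member.islnk() and (os.path.isabs(member.linkname) or safe_target(root, member.linkname) is None):
        return "hardlink target escapes root"  # the hard-link target is vetted exactly like a name
    if member.issym():
        return "symlink entries are not extracted by this demo"
    return "ok"

def safe_extract(tar_path, root):
    # Extract files, dirs and hard links; return {name: reason} for every skipped entry.
    skipped = {}
    with tarfile.open(tar_path) as tf:
        for m in tf.getmembers():
            if (verdict := check_member(root, m)) != "ok":
                skipped[m.name] = verdict
                continue
            target = safe_target(root, m.name)
            os.makedirs(target if m.isdir() else os.path.dirname(target), exist_ok=True)
            if m.isfile():
                with open(target, "wb") as f:
                    f.write(tf.extractfile(m).read())
            elif m.islnk():
                os.link(safe_target(root, m.linkname), target)
    return skipped

def demo():
    # Constructed scenario: the destination already holds a symlink "sub" pointing outside
    # the root; the archive carries "sub/evil.txt" and a hard link whose target climbs out.
    base = tempfile.mkdtemp()
    root, outside = os.path.join(base, "root"), os.path.join(base, "outside")
    os.makedirs(root); os.makedirs(outside); os.symlink(outside, os.path.join(root, "sub"))
    tar_path = os.path.join(base, "demo.tar")
    with tarfile.open(tar_path, "w") as tf:
        for name in ("good.txt", "sub/evil.txt"):
            tf.addfile(tarfile.TarInfo(name))  # zero-length regular files
        ti = tarfile.TarInfo("hl"); ti.type, ti.linkname = tarfile.LNKTYPE, "../outside/secret"
        tf.addfile(ti)  # constructed hard link whose target lies outside the root
    skipped = safe_extract(tar_path, root)
    return skipped, os.path.isfile(os.path.join(root, "good.txt")), os.listdir(outside)
```

demo() returns the skipped entries with their reasons, whether the benign file was written inside the root, and the contents of the outside directory, which stays empty.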
