alpine 3.7
shell weakness #15


Weakness Breakdown


A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system, typically because a string the attacker can influence is passed to a command interpreter.

Warning code(s):

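This causes a new program to execute and is difficult to use safely. The flagged call, popen(), hands its command string to the shell (`/bin/sh -c`), so any shell metacharacters in that string are interpreted rather than treated as data. Where the same functionality is available through a library call, or through fork/exec with an explicit argument vector, that is the safer choice.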

File Name:



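The highlighted line of code below is the trigger point of this particular Alpine 3.7 shell weakness. The highlighting did not survive in this copy; the only call in the excerpt that starts a new program is `pagfp = popen (pager, "w");`. Whether the finding is exploitable depends on where the value of `pager` comes from and who can set it, which the excerpt does not show. The excerpt has also lost its braces and some tokens, so read it as an outline of the control flow rather than as compilable code.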

      terror (_("%s: too many arguments"), cmd->name);
      return 1;

  /* Prepare for calling the handler */
  param.argc = i;
  if (!param.argv)
      argmax = ARGINC;
      param.argv = ecalloc (argmax, sizeof (param.argv[0]));
  param.argv[i] = NULL;
  param.vararg = arg;
  param.fp = NULL; = NULL;
  pagfp = NULL;
  expected_lines = 0;
  expected_lines_ptr = (interactive && pager) ? &expected_lines : NULL;
  if (!(cmd->begin && cmd->begin (&param, expected_lines_ptr)))
      if (pager && expected_lines > get_screen_lines ())
	  pagfp = popen (pager, "w");
	  if (pagfp)
	    param.fp = pagfp;
	      terror (_("cannot run pager '%s': %s"), pager,
			    strerror (errno));
	      pager = NULL;
	      param.fp = stdout;
	param.fp = stdout;
      cmd->handler (&param);
      if (cmd->end)
	cmd->end (;
      else if (
	free (;

      if (pagfp)
	pclose (pagfp);

  param_free_argv (&param, param.argc);
