Total
34 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-30065 | 2 Busybox, Siemens | 13 Busybox, Scalance Sc622-2c, Scalance Sc622-2c Firmware and 10 more | 2023-02-11 | 6.8 MEDIUM | 7.8 HIGH |
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. | |||||
CVE-2019-5747 | 2 Busybox, Canonical | 2 Busybox, Ubuntu Linux | 2022-09-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. | |||||
CVE-2022-28391 | 1 Busybox | 1 Busybox | 2022-08-11 | 6.8 MEDIUM | 8.8 HIGH |
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. | |||||
CVE-2017-16544 | 5 Busybox, Canonical, Debian and 2 more | 8 Busybox, Ubuntu Linux, Debian Linux and 5 more | 2022-06-20 | 6.5 MEDIUM | 8.8 HIGH |
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. | |||||
CVE-2015-9261 | 3 Busybox, Canonical, Debian | 3 Busybox, Ubuntu Linux, Debian Linux | 2022-06-20 | 4.3 MEDIUM | 5.5 MEDIUM |
huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. | |||||
CVE-2021-28831 | 3 Busybox, Debian, Fedoraproject | 3 Busybox, Debian Linux, Fedora | 2022-05-20 | 5.0 MEDIUM | 7.5 HIGH |
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. | |||||
CVE-2021-42374 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2022-03-31 | 3.3 LOW | 5.3 MEDIUM |
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that | |||||
CVE-2021-42376 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2022-03-31 | 1.9 LOW | 5.5 MEDIUM |
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. | |||||
CVE-2021-42377 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2022-03-31 | 6.8 MEDIUM | 9.8 CRITICAL |
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. | |||||
CVE-2021-42375 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2022-03-31 | 1.9 LOW | 5.5 MEDIUM |
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. | |||||
CVE-2021-42373 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2022-03-31 | 2.1 LOW | 5.5 MEDIUM |
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given | |||||
CVE-2021-42378 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2022-01-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function | |||||
CVE-2021-42379 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2022-01-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function | |||||
CVE-2021-42383 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2022-01-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | |||||
CVE-2021-42382 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2022-01-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function | |||||
CVE-2021-42384 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2022-01-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function | |||||
CVE-2021-42385 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2022-01-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | |||||
CVE-2021-42386 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2022-01-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function | |||||
CVE-2021-42381 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2022-01-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function | |||||
CVE-2021-42380 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2022-01-04 | 6.5 MEDIUM | 7.2 HIGH |
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function |