Product:

Busybox

(Busybox)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 39
Date Id Summary Products Score Patch Annotated
2021-11-15 CVE-2021-42385 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function Busybox, Fedora 7.2
2021-11-15 CVE-2021-42386 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function Busybox, Fedora 7.2
2022-05-18 CVE-2022-30065 A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. Busybox, Scalance_sc622\-2c_firmware, Scalance_sc626\-2c_firmware, Scalance_sc632\-2c_firmware, Scalance_sc636\-2c_firmware, Scalance_sc642\-2c_firmware, Scalance_sc646\-2c_firmware 7.8
2023-08-28 CVE-2023-39810 An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. Busybox 7.8
2023-11-27 CVE-2023-42363 A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. Busybox 5.5
2023-11-27 CVE-2023-42364 A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. Busybox 5.5
2023-11-27 CVE-2023-42365 A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. Busybox 5.5
2006-04-04 CVE-2006-1058 BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. Aura_application_enablement_services, Aura_sip_enablement_services, Message_networking, Messaging_storage_server, Busybox 5.5
2018-07-26 CVE-2015-9261 huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. Busybox, Ubuntu_linux, Debian_linux 5.5
2017-11-20 CVE-2017-16544 In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. Busybox, Ubuntu_linux, Debian_linux, N\-Tron_702\-W_firmware, N\-Tron_702m12\-W_firmware, Esxi 8.8