Product:

Busybox

(Busybox)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 39
Date Id Summary Products Score Patch Annotated
2021-11-15 CVE-2021-42384 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function Busybox, Fedora 7.2
2021-11-15 CVE-2021-42385 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function Busybox, Fedora 7.2
2021-11-15 CVE-2021-42386 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function Busybox, Fedora 7.2
2023-08-28 CVE-2023-39810 An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. Busybox 7.8
2023-08-22 CVE-2022-48174 There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. Busybox 9.8
2022-05-18 CVE-2022-30065 A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. Busybox, Scalance_sc622\-2c_firmware, Scalance_sc626\-2c_firmware, Scalance_sc632\-2c_firmware, Scalance_sc636\-2c_firmware, Scalance_sc642\-2c_firmware, Scalance_sc646\-2c_firmware 7.8
2018-07-26 CVE-2015-9261 huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. Busybox, Ubuntu_linux, Debian_linux 5.5
2019-01-09 CVE-2019-5747 An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. Busybox, Ubuntu_linux 7.5
2017-11-20 CVE-2017-16544 In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. Busybox, Ubuntu_linux, Debian_linux, N\-Tron_702\-W_firmware, N\-Tron_702m12\-W_firmware, Esxi 8.8
2022-04-03 CVE-2022-28391 BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. Busybox 8.8