Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Busybox
(Busybox)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 39 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-11-15 | CVE-2021-42382 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function | Busybox, Fedora | 7.2 | ||
| 2021-11-15 | CVE-2021-42383 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | Busybox, Fedora | 7.2 | ||
| 2021-11-15 | CVE-2021-42384 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function | Busybox, Fedora | 7.2 | ||
| 2021-11-15 | CVE-2021-42385 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | Busybox, Fedora | 7.2 | ||
| 2021-11-15 | CVE-2021-42386 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function | Busybox, Fedora | 7.2 | ||
| 2023-08-28 | CVE-2023-39810 | An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. | Busybox | 7.8 | ||
| 2023-08-22 | CVE-2022-48174 | There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. | Busybox | 9.8 | ||
| 2022-05-18 | CVE-2022-30065 | A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. | Busybox, Scalance_sc622\-2c_firmware, Scalance_sc626\-2c_firmware, Scalance_sc632\-2c_firmware, Scalance_sc636\-2c_firmware, Scalance_sc642\-2c_firmware, Scalance_sc646\-2c_firmware | 7.8 | ||
| 2018-07-26 | CVE-2015-9261 | huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. | Busybox, Ubuntu_linux, Debian_linux | 5.5 | ||
| 2019-01-09 | CVE-2019-5747 | An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. | Busybox, Ubuntu_linux | 7.5 |