4 results (0.006 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. • http://busybox.com https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. A vulnerability was found in the BusyBox package. This issue occurs via a stack overflow vulnerability in ash.c in BusyBox, which may allow arbitrary code execution. • https://bugs.busybox.net/show_bug.cgi?id=15216 https://access.redhat.com/security/cve/CVE-2022-48174 https://bugzilla.redhat.com/show_bug.cgi?id=2237153 • CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. BusyBox versiones hasta 1.35.0, permite a atacantes remotos ejecutar código arbitrario si es usado netstat para imprimir el valor de un registro PTR de DNS en un terminal compatible con VT. Alternativamente, el atacante podría optar por cambiar los colores de la terminal • https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661 •

CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. Una desreferencia de puntero NULL en el applet hush de Busybox conlleva a una denegación de servicio cuando es procesado un comando shell diseñado, debido a una falta de comprobación después de un carácter delimitador \x03. Esto puede ser usado para DoS bajo condiciones muy raras de entrada de comandos filtrados • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS https://security.netapp.com/advisory/ntap-20211223-0002 • CWE-476: NULL Pointer Dereference •