CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 0CVE-2021-42373
https://notcve.org/view.php?id=CVE-2021-42373
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given Una desreferencia de puntero NULL en el applet man de Busybox conlleva a una denegación de servicio cuando se proporciona un nombre de sección pero no se da ningún argumento de página • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS https://security.netapp.com/advisory/ntap-20211223-0002 • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42381
https://notcve.org/view.php?id=CVE-2021-42381
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function Un uso de memoria previamente liberada en el applet awk de Busybox conduce a una denegación de servicio y posiblemente a una ejecución de código cuando es procesado un patrón awk diseñado en la función hash_init • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS https://security.netapp.com/advisory/ntap-20211223-0002 • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42379
https://notcve.org/view.php?id=CVE-2021-42379
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function Un uso de memoria previamente liberada en el applet awk de Busybox conduce a la denegación de servicio y posiblemente a una ejecución de código cuando es procesado un patrón awk diseñado en la función next_input_file • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS https://security.netapp.com/advisory/ntap-20211223-0002 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-28831
https://notcve.org/view.php?id=CVE-2021-28831
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. El archivo decompress_gunzip.c en BusyBox versiones hasta 1.32.1, maneja inapropiadamente el bit de error en el puntero de resultado de huft_build, con un fallo liberación invalida o de segmentación resultante, por medio de datos gzip malformados • https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U https://security.gentoo.org&# • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 2CVE-2019-5747 – Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
https://notcve.org/view.php?id=CVE-2019-5747
An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. Se ha descubierto un problema en BusyBox hasta la versión 1.30.0. • http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://seclists.org/fulldisclosure/2019/Sep/7 https://bugs.busybox.net/show_bug.cgi?id=11506 https://git.busybox.net/busybox/commit/?id=74d9f1ba37010face4bd1449df4d60dd84450b06 https://seclists.org/bugtraq/2019/Sep/7 https://usn.ubuntu.com/3935-1 • CWE-125: Out-of-bounds Read •