CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Nov 2023 — A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. • https://bugs.busybox.net/show_bug.cgi?id=15865 • CWE-416: Use After Free

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Nov 2023 — A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. • https://bugs.busybox.net/show_bug.cgi?id=15868 • CWE-416: Use After Free

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Nov 2023 — A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. • https://bugs.busybox.net/show_bug.cgi?id=15871 • CWE-416: Use After Free

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Nov 2023 — A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. • https://bugs.busybox.net/show_bug.cgi?id=15874 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

28 Aug 2023 — An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. • http://busybox.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 Aug 2023 — There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. A vulnerability was found in the BusyBox package. This issue occurs via a stack overflow vulnerability in ash.c in BusyBox, which may allow arbitrary code execution. It was discovered that BusyBox incorrectly handled certain malformed gzip archives. • https://bugs.busybox.net/show_bug.cgi?id=15216 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 13 • EXPL: 1

18 May 2022 — A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. • https://bugs.busybox.net/show_bug.cgi?id=14781 • CWE-416: Use After Free

CVSS: 8.8 • EPSS: 7% • CPEs: 1 • EXPL: 1

03 Apr 2022 — BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. • https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch

CVSS: 5.5 • EPSS: 0% • CPEs: 21 • EXPL: 0

15 Nov 2021 — A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given. Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 1.34.0 are affected. • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-476: NULL Pointer Dereference

CVSS: 5.3 • EPSS: 0% • CPEs: 20 • EXPL: 1

15 Nov 2021 — An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that It was discovered that BusyBox incorrectly handled ... • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-125: Out-of-bounds Read