CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48174 – busybox: stack overflow vulnerability in ash.c leads to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-48174
22 Aug 2023 — There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. A vulnerability was found in the BusyBox package. This issue occurs via a stack overflow vulnerability in ash.c in BusyBox, which may allow arbitrary code execution. It was discovered that BusyBox incorrectly handled certain malformed gzip archives. • https://bugs.busybox.net/show_bug.cgi?id=15216 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 6%CPEs: 1EXPL: 1CVE-2022-28391
https://notcve.org/view.php?id=CVE-2022-28391
03 Apr 2022 — BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. BusyBox versiones hasta 1.35.0, permite a atacantes remotos ejecutar código arbitrario si es usado netstat para imprimir el valor de un registro PTR de DNS en un terminal compatible con VT. Alternativamente, el atacante podría optar por cambiar los colores de la terminal • https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-42376 – Gentoo Linux Security Advisory 202407-17
https://notcve.org/view.php?id=CVE-2021-42376
15 Nov 2021 — A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. Una desreferencia de puntero NULL en el applet hush de Busybox conlleva a una denegación de servicio cuando es procesado un comando shell diseñado, debido a una falta de comprobación después de un carácter delimitador \x03. Esto puede ser usado para DoS... • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42378 – Gentoo Linux Security Advisory 202407-17
https://notcve.org/view.php?id=CVE-2021-42378
15 Nov 2021 — A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function Un uso de memoria previamente liberada en el applet awk de Busybox conduce a una denegación de servicio y posiblemente a una ejecución de código cuando es procesado un patrón awk diseñado en la función getvar_i Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. Versions greater than or ... • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42379 – Gentoo Linux Security Advisory 202407-17
https://notcve.org/view.php?id=CVE-2021-42379
15 Nov 2021 — A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function Un uso de memoria previamente liberada en el applet awk de Busybox conduce a la denegación de servicio y posiblemente a una ejecución de código cuando es procesado un patrón awk diseñado en la función next_input_file Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. Versions gre... • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42384 – Gentoo Linux Security Advisory 202407-17
https://notcve.org/view.php?id=CVE-2021-42384
15 Nov 2021 — A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function Un uso de memoria previamente liberada en el applet awk de Busybox conduce a la denegación de servicio y posiblemente a una ejecución de código cuando es procesado un patrón awk diseñado en la función handle_special It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into... • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42385 – Gentoo Linux Security Advisory 202407-17
https://notcve.org/view.php?id=CVE-2021-42385
15 Nov 2021 — A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function Un uso de memoria previamente liberada en el applet awk de Busybox conduce a una denegación de servicio y posiblemente a una ejecución de código cuando es procesado un patrón awk diseñado en la función evaluate It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing... • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-416: Use After Free •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-42386 – Gentoo Linux Security Advisory 202407-17
https://notcve.org/view.php?id=CVE-2021-42386
15 Nov 2021 — A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function Un uso de memoria previamente liberada en el applet awk de Busybox conlleva una denegación de servicio y posiblemente una ejecución de código cuando es procesado un patrón awk diseñado en la función nvalloc Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. Versions greater than or equal... • https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog • CWE-416: Use After Free •
CVSS: 7.5EPSS: 7%CPEs: 5EXPL: 2CVE-2018-20679 – Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
https://notcve.org/view.php?id=CVE-2018-20679
09 Jan 2019 — An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes. Se ha descubierto un problema en versiones anteriores a la 1.30.0 de BusyBox. Una lectura fuera de límites en los componentes udhcp (consumidos... • https://packetstorm.news/files/id/154361 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 3CVE-2019-5747 – Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
https://notcve.org/view.php?id=CVE-2019-5747
09 Jan 2019 — An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. Se ha descubierto un problema en BusyBox hasta la versión 1.30.0. • https://packetstorm.news/files/id/154361 • CWE-125: Out-of-bounds Read •