
CVSS: 3.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Apr 2025 — In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. • https://bugs.busybox.net/show_bug.cgi?id=16018 • CWE-451: User Interface (UI) Misrepresentation of Critical Information

CVSS: 2.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Apr 2025 — In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim. • https://bugs.busybox.net/show_bug.cgi?id=15922 • CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences

CVSS: 7.8 • EPSS: 0% • CPEs: 13 • EXPL: 1

18 May 2022 — A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. An update that fixes two vulnerabilities is now available. This update for busybox fixes the following issues. Fixed use-... • https://bugs.busybox.net/show_bug.cgi?id=14781 • CWE-416: Use After Free

CVSS: 8.8 • EPSS: 5% • CPEs: 1 • EXPL: 1

03 Apr 2022 — BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. • https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')