CVE-2022-30065
SUSE Security Advisory - SUSE-SU-2022:4371-1
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
Un uso de memoria previamente liberada en el applet awk de Busybox versión 1.35-x, conlleva a una denegación de servicio y posiblemente una ejecución de código cuando es procesado un patrón awk diseñado en la función copyvar
An update that fixes two vulnerabilities is now available. This update for busybox fixes the following issues. Fixed use-after-free in the AWK applet. Fixed loading of unwanted module with / in module names. Wget and others.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-05-02 CVE Reserved
- 2022-05-18 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-05-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://bugs.busybox.net/show_bug.cgi?id=14781 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Scalance Sc622-2c Firmware Search vendor "Siemens" for product "Scalance Sc622-2c Firmware" | < 3.0 Search vendor "Siemens" for product "Scalance Sc622-2c Firmware" and version " < 3.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance Sc622-2c Search vendor "Siemens" for product "Scalance Sc622-2c" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Scalance Sc626-2c Firmware Search vendor "Siemens" for product "Scalance Sc626-2c Firmware" | < 3.0 Search vendor "Siemens" for product "Scalance Sc626-2c Firmware" and version " < 3.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance Sc626-2c Search vendor "Siemens" for product "Scalance Sc626-2c" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Scalance Sc632-2c Firmware Search vendor "Siemens" for product "Scalance Sc632-2c Firmware" | < 3.0 Search vendor "Siemens" for product "Scalance Sc632-2c Firmware" and version " < 3.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance Sc632-2c Search vendor "Siemens" for product "Scalance Sc632-2c" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Scalance Sc636-2c Firmware Search vendor "Siemens" for product "Scalance Sc636-2c Firmware" | < 3.0 Search vendor "Siemens" for product "Scalance Sc636-2c Firmware" and version " < 3.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance Sc636-2c Search vendor "Siemens" for product "Scalance Sc636-2c" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Scalance Sc642-2c Firmware Search vendor "Siemens" for product "Scalance Sc642-2c Firmware" | < 3.0 Search vendor "Siemens" for product "Scalance Sc642-2c Firmware" and version " < 3.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance Sc642-2c Search vendor "Siemens" for product "Scalance Sc642-2c" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Scalance Sc646-2c Firmware Search vendor "Siemens" for product "Scalance Sc646-2c Firmware" | < 3.0 Search vendor "Siemens" for product "Scalance Sc646-2c Firmware" and version " < 3.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Scalance Sc646-2c Search vendor "Siemens" for product "Scalance Sc646-2c" | - | - |
Safe
|
| Busybox Search vendor "Busybox" | Busybox Search vendor "Busybox" for product "Busybox" | 1.35.0 Search vendor "Busybox" for product "Busybox" and version "1.35.0" | - |
Affected
| ||||||