CVE-2022-28391

{"id": "CVE-2022-28391", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-04-03T21:15:08.207", "references": [{"url": "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors."}, {"lang": "es", "value": "BusyBox versiones hasta 1.35.0, permite a atacantes remotos ejecutar c\u00f3digo arbitrario si es usado netstat para imprimir el valor de un registro PTR de DNS en un terminal compatible con VT. Alternativamente, el atacante podr\u00eda optar por cambiar los colores de la terminal"}], "lastModified": "2022-08-11T18:44:50.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50324EB3-E070-4585-A2F4-DE7C0D1932B3", "versionEndIncluding": "1.35.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}