Vulnerabilities (CVE)

Filtered by vendor Busybox Subscribe
Filtered by product Busybox
Total 40 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-1058 2 Avaya, Busybox 5 Aura Application Enablement Services, Aura Sip Enablement Services, Message Networking and 2 more 2024-02-09 2.1 LOW 5.5 MEDIUM
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
CVE-2023-42366 1 Busybox 1 Busybox 2023-12-10 N/A 5.5 MEDIUM
A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.
CVE-2023-42363 1 Busybox 1 Busybox 2023-12-10 N/A 5.5 MEDIUM
A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
CVE-2023-42365 1 Busybox 1 Busybox 2023-12-10 N/A 5.5 MEDIUM
A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
CVE-2023-42364 1 Busybox 1 Busybox 2023-12-10 N/A 5.5 MEDIUM
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.
CVE-2023-39810 1 Busybox 1 Busybox 2023-12-10 N/A 7.8 HIGH
An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.
CVE-2022-48174 1 Busybox 1 Busybox 2023-12-10 N/A 9.8 CRITICAL
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.
CVE-2022-28391 1 Busybox 1 Busybox 2023-12-10 6.8 MEDIUM 8.8 HIGH
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.
CVE-2022-30065 2 Busybox, Siemens 13 Busybox, Scalance Sc622-2c, Scalance Sc622-2c Firmware and 10 more 2023-12-10 6.8 MEDIUM 7.8 HIGH
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
CVE-2021-42384 2 Busybox, Fedoraproject 2 Busybox, Fedora 2023-12-10 6.5 MEDIUM 7.2 HIGH
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function
CVE-2021-42383 2 Busybox, Fedoraproject 2 Busybox, Fedora 2023-12-10 6.5 MEDIUM 7.2 HIGH
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
CVE-2021-42375 3 Busybox, Fedoraproject, Netapp 19 Busybox, Fedora, Cloud Backup and 16 more 2023-12-10 1.9 LOW 5.5 MEDIUM
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
CVE-2021-42381 2 Busybox, Fedoraproject 2 Busybox, Fedora 2023-12-10 6.5 MEDIUM 7.2 HIGH
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function
CVE-2021-42380 2 Busybox, Fedoraproject 2 Busybox, Fedora 2023-12-10 6.5 MEDIUM 7.2 HIGH
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function
CVE-2021-42377 3 Busybox, Fedoraproject, Netapp 19 Busybox, Fedora, Cloud Backup and 16 more 2023-12-10 6.8 MEDIUM 9.8 CRITICAL
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
CVE-2021-42379 2 Busybox, Fedoraproject 2 Busybox, Fedora 2023-12-10 6.5 MEDIUM 7.2 HIGH
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function
CVE-2021-42374 3 Busybox, Fedoraproject, Netapp 19 Busybox, Fedora, Cloud Backup and 16 more 2023-12-10 3.3 LOW 5.3 MEDIUM
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that
CVE-2021-42373 3 Busybox, Fedoraproject, Netapp 19 Busybox, Fedora, Cloud Backup and 16 more 2023-12-10 2.1 LOW 5.5 MEDIUM
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
CVE-2021-42385 2 Busybox, Fedoraproject 2 Busybox, Fedora 2023-12-10 6.5 MEDIUM 7.2 HIGH
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
CVE-2021-42378 2 Busybox, Fedoraproject 2 Busybox, Fedora 2023-12-10 6.5 MEDIUM 7.2 HIGH
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function