CVE-2021-42375
Summary
| CVE | CVE-2021-42375 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-11-15 21:15:00 UTC |
| Updated | 2023-11-07 03:39:00 UTC |
| Description | An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Busybox | Busybox | 1.33.1 | All | All | All |
| Operating System | Fedoraproject | Fedora | 33 | All | All | All |
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Application | Netapp | Cloud Backup | - | All | All | All |
| Hardware | Netapp | H300e | - | All | All | All |
| Operating System | Netapp | H300e Firmware | - | All | All | All |
| Hardware | Netapp | H300s | - | All | All | All |
| Operating System | Netapp | H300s Firmware | - | All | All | All |
| Hardware | Netapp | H410s | - | All | All | All |
| Operating System | Netapp | H410s Firmware | - | All | All | All |
| Hardware | Netapp | H500e | - | All | All | All |
| Operating System | Netapp | H500e Firmware | - | All | All | All |
| Hardware | Netapp | H500s | - | All | All | All |
| Operating System | Netapp | H500s Firmware | - | All | All | All |
| Hardware | Netapp | H700e | - | All | All | All |
| Operating System | Netapp | H700e Firmware | - | All | All | All |
| Hardware | Netapp | H700s | - | All | All | All |
| Operating System | Netapp | H700s Firmware | - | All | All | All |
| Application | Netapp | Hci Management Node | - | All | All | All |
| Application | Netapp | Solidfire | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| November 2021 BusyBox Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| Unboxing BusyBox - 14 new vulnerabilities uncovered by Claroty and JFrog | JFrog | N/A | jfrog.com | |
| [SECURITY] Fedora 33 Update: busybox-1.34.1-1.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Unboxing BusyBox: 14 Vulnerabilities Uncovered by Claroty, JFrog | Claroty | MISC | claroty.com | |
| [SECURITY] Fedora 33 Update: busybox-1.34.1-1.fc33 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| FEDORA-2021-c52c0fe490 | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 34 Update: busybox-1.34.1-1.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 183018 Debian Security Update for busybox (CVE-2021-42375)
- 282073 Fedora Security Update for busybox (FEDORA-2021-c52c0fe490)
- 282074 Fedora Security Update for busybox (FEDORA-2021-5a95823596)
- 376048 BusyBox Denial of Service (DoS) Vulnerability
- 501387 Alpine Linux Security Update for busybox
- 501734 Alpine Linux Security Update for busybox
- 501950 Alpine Linux Security Update for busybox
- 503876 Alpine Linux Security Update for busybox
- 730371 McAfee Web Gateway Multiple Vulnerabilities (WP-3335,WP-4131,WP-4159,WP-4237,WP-4259,WP-4329,WP-4348,WP-4355,WP-4376,WP-4407,WP-4421)
- 751624 SUSE Enterprise Linux Security Update for busybox (SUSE-SU-2022:0135-1)
- 751633 OpenSUSE Security Update for busybox (openSUSE-SU-2022:0135-1)
- 752794 SUSE Enterprise Linux Security Update for busybox (SUSE-SU-2022:3959-1)
- 752903 SUSE Enterprise Linux Security Update for busybox (SUSE-SU-2022:4253-1)