CVE-2021-42376

CVE	CVE-2021-42376
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-11-15 21:15:00 UTC
Updated	2023-11-07 03:39:00 UTC
Description	A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.

Problem Types: CWE-476

Type	Vendor	Product	Version	Update	Edition	Language
Application	Busybox	Busybox	All	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Application	Netapp	Cloud Backup	-	All	All	All
Hardware	Netapp	H300e	-	All	All	All
Operating System	Netapp	H300e Firmware	-	All	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500e	-	All	All	All
Operating System	Netapp	H500e Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H700e	-	All	All	All
Operating System	Netapp	H700e Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All
Application	Netapp	Hci Management Node	-	All	All	All
Application	Netapp	Solidfire	-	All	All	All

Reference	Source	Link	Tags
November 2021 BusyBox Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
Unboxing BusyBox - 14 new vulnerabilities uncovered by Claroty and JFrog \| JFrog	N/A	jfrog.com
[SECURITY] Fedora 33 Update: busybox-1.34.1-1.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Unboxing BusyBox: 14 Vulnerabilities Uncovered by Claroty, JFrog \| Claroty	MISC	claroty.com
[SECURITY] Fedora 33 Update: busybox-1.34.1-1.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
FEDORA-2021-c52c0fe490	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 34 Update: busybox-1.34.1-1.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

184570 Debian Security Update for busybox (CVE-2021-42376)
282073 Fedora Security Update for busybox (FEDORA-2021-c52c0fe490)
282074 Fedora Security Update for busybox (FEDORA-2021-5a95823596)
353116 Amazon Linux Security Advisory for busybox : ALAS-2022-1558
353241 Amazon Linux Security Advisory for busybox : AL2012-2022-358
376054 BusyBox Denial of Service (DoS) Vulnerability
671364 EulerOS Security Update for busybox (EulerOS-SA-2022-1303)
671377 EulerOS Security Update for busybox (EulerOS-SA-2022-1287)
671487 EulerOS Security Update for busybox (EulerOS-SA-2022-1472)
671518 EulerOS Security Update for busybox (EulerOS-SA-2022-1463)
730371 McAfee Web Gateway Multiple Vulnerabilities (WP-3335,WP-4131,WP-4159,WP-4237,WP-4259,WP-4329,WP-4348,WP-4355,WP-4376,WP-4407,WP-4421)
751624 SUSE Enterprise Linux Security Update for busybox (SUSE-SU-2022:0135-1)
751633 OpenSUSE Security Update for busybox (openSUSE-SU-2022:0135-1)
752794 SUSE Enterprise Linux Security Update for busybox (SUSE-SU-2022:3959-1)
752903 SUSE Enterprise Linux Security Update for busybox (SUSE-SU-2022:4253-1)
900452 Common Base Linux Mariner (CBL-Mariner) Security Update for busybox (6186)
900964 Common Base Linux Mariner (CBL-Mariner) Security Update for busybox (6344-1)