CVE-2022-48174
Summary
| CVE | CVE-2022-48174 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-22 19:16:31 UTC |
| Updated | 2026-07-14 12:16:48 UTC |
| Description | There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. |
Risk And Classification
Primary CVSS: v3.1 9.8 CRITICAL from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.029790000 probability, percentile 0.857070000 (date 2026-07-14)
Problem Types: CWE-787 | n/a
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
NoneUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Busybox | Busybox | All | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Na | N/a | affected n/a | Not specified |
| ADP | Siemens | RUGGEDCOM RST2428P | affected V3.3 custom | Not specified |
| ADP | Siemens | SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 Family | affected V3.3 custom | Not specified |
| ADP | Siemens | SCALANCE XCH328 | affected V3.3 custom | Not specified |
| ADP | Siemens | SCALANCE XCM324 | affected V3.3 custom | Not specified |
| ADP | Siemens | SCALANCE XCM328 | affected V3.3 custom | Not specified |
| ADP | Siemens | SCALANCE XCM332 | affected V3.3 custom | Not specified |
| ADP | Siemens | SCALANCE XRH334 24 V DC 8xFO CC | affected V3.3 custom | Not specified |
| ADP | Siemens | SCALANCE XRM334 230 V AC 12xFO | affected V3.3 custom | Not specified |
| ADP | Siemens | SCALANCE XRM334 230 V AC 8xFO | affected V3.3 custom | Not specified |
| ADP | Siemens | SCALANCE XRM334 230V AC 2x10G 24xSFP 8xSFP | affected V3.3 custom | Not specified |
| ADP | Siemens | SCALANCE XRM334 24 V DC 12xFO | affected V3.3 custom | Not specified |
| ADP | Siemens | SCALANCE XRM334 24 V DC 8xFO | affected V3.3 custom | Not specified |
| ADP | Siemens | SCALANCE XRM334 24V DC 2x10G 24xSFP 8xSFP | affected V3.3 custom | Not specified |
| ADP | Siemens | SCALANCE XRM334 2x230 V AC 12xFO | affected V3.3 custom | Not specified |
| ADP | Siemens | SCALANCE XRM334 2x230 V AC 8xFO | affected V3.3 custom | Not specified |
| ADP | Siemens | SCALANCE XRM334 2x230V AC 2x10G 24xSFP 8xSFP | affected V3.3 custom | Not specified |
| ADP | Siemens | SIDIS Secured SmartPlug | affected V7.26.0310 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cert-portal.siemens.com/productcert/html/ssa-089022.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| 15216 – There is a stack overflower in ash of busybox. Here is asan report. | af854a3a-2127-422b-91ae-364da2661108 | bugs.busybox.net | Issue Tracking, Vendor Advisory |
| lists.debian.org/debian-lts-announce/2025/01/msg00012.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org | Third Party Advisory |
| security.netapp.com/advisory/ntap-20241129-0001 | af854a3a-2127-422b-91ae-364da2661108 | security.netapp.com | Third Party Advisory |
| cert-portal.siemens.com/productcert/html/ssa-585531.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160979 Oracle Enterprise Linux Security Update for busybox (ELSA-2023-5178)
- 356156 Amazon Linux Security Advisory for busybox : ALAS-2023-1832
- 356348 Amazon Linux Security Advisory for busybox : AL2012-2023-451
- 390289 Oracle Managed Virtualization (VM) for x86 Security Update for busybox (OVMSA-2023-5178)
- 505857 Alpine Linux Security Update for busybox
- 673516 EulerOS Security Update for busybox (EulerOS-SA-2023-2873)
- 673669 EulerOS Security Update for busybox (EulerOS-SA-2023-2892)
- 673704 EulerOS Security Update for busybox (EulerOS-SA-2023-3002)
- 673918 EulerOS Security Update for busybox (EulerOS-SA-2023-3025)
- 674068 EulerOS Security Update for busybox (EulerOS-SA-2023-3201)
- 674096 EulerOS Security Update for busybox (EulerOS-SA-2023-3166)
- 754907 SUSE Enterprise Linux Security Update for busybox (SUSE-SU-2023:3729-1)
- 754970 SUSE Enterprise Linux Security Update for busybox (SUSE-SU-2023:3820-1)
- 754971 SUSE Enterprise Linux Security Update for busybox (SUSE-SU-2023:3819-1)