QID 376088

Date Published: 2021-11-22

QID 376088: BusyBox Use After Free Vulnerability

BusyBox is a software suite of many useful Unix utilities, known as applets, that are packaged as a single executable file. Within BusyBox you can find a full-fledged shell, a DHCP client/server, and small utilities such as cp, ls, grep, and others.

A use-after-free in awk leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function

Affected Versions:

Successful exploitation causes denial of service and possible code execution.

  • CVSS V3 rated as High - 7.2 severity.
  • CVSS V2 rated as High - 6.5 severity.
  • Solution
    Customers are advised to update to BusyBox version 1.34.0 or later, for more info please refer here

    CVEs related to QID 376088

    Software Advisories
    Advisory ID Software Component Link
    NA URL Logo busybox.net/