Known Vulnerabilities for Busybox by Busybox

Listed below are 10 of the newest known vulnerabilities associated with "Busybox" by "Busybox".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2023-39810 An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. Not Provided 2023-08-28 2023-08-28
CVE-2022-48174 There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, thi... Not Provided 2023-08-22 2023-08-22
CVE-2021-42381 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... 7.2 - HIGH 2021-11-15 2023-04-25
CVE-2021-42380 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... 7.2 - HIGH 2021-11-15 2023-04-25
CVE-2021-42379 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... 7.2 - HIGH 2021-11-15 2023-04-25
CVE-2021-42378 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... 7.2 - HIGH 2021-11-15 2023-04-25
CVE-2021-42377 An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when proc... 9.8 - CRITICAL 2021-11-15 2023-04-25
CVE-2021-42376 A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due t... 5.5 - MEDIUM 2021-11-15 2023-04-25
CVE-2021-42375 An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell... 5.5 - MEDIUM 2021-11-15 2023-04-25
CVE-2021-42374 An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compr... 5.3 - MEDIUM 2021-11-15 2023-04-25
Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationBusyboxBusybox1.9.2AllAllAll
ApplicationBusyboxBusybox1.9.1AllAllAll
ApplicationBusyboxBusybox1.9.0AllAllAll
ApplicationBusyboxBusybox1.8.3AllAllAll
ApplicationBusyboxBusybox1.8.2AllAllAll
ApplicationBusyboxBusybox1.8.1AllAllAll
ApplicationBusyboxBusybox1.8.0AllAllAll
ApplicationBusyboxBusybox1.7.5AllAllAll
ApplicationBusyboxBusybox1.7.4AllAllAll
ApplicationBusyboxBusybox1.7.3AllAllAll
ApplicationBusyboxBusybox1.7.2AllAllAll
ApplicationBusyboxBusybox1.7.1AllAllAll
ApplicationBusyboxBusybox1.7.0AllAllAll
ApplicationBusyboxBusybox1.6.2AllAllAll
ApplicationBusyboxBusybox1.6.1AllAllAll
ApplicationBusyboxBusybox1.6.0AllAllAll
ApplicationBusyboxBusybox1.5.2AllAllAll
ApplicationBusyboxBusybox1.5.1AllAllAll
ApplicationBusyboxBusybox1.5.0AllAllAll
ApplicationBusyboxBusybox1.4.2AllAllAll
Results limited to 20 most recent known configurations

Popular searches for Busybox

BusyBox

www.busybox.net

BusyBox Andy Shevchenko modprobe: add support for modprobe.blacklist=module1,module2,... Audun-Marius Gangst: lineedit: fix unicode characters in prompt Christian Eggers: shell: fix "read -d ''" behavior ip: add support for "noprefixroute" option ip address: add support for "valid lft" and "preferred lft" options chrt: support for musl C library Cristian Ionescu-Idbohrn: fix warning: label 'out1' defined but not used Denys Vlasenko: avoid using strtok - eliminates use of hidden global variable use write str functions where appropriate fixes for Hurd build move ADJTIME PATH define to header files examples: remove /sbin/ prefixes, system should be configured with $PATH to find utilities build system: combat gcc zealotry in data alignment build system: make -static-libgcc selectable in config libbb: add and use infrastructure for fixed page size optimization libbb: bb do delay 3 -> pause after failed login , and stop looping there libbb: change decode base32/64 API to return the end of dst

Almquist shell BusyBox Command-line interface Shell (computing) Configure script Build automation Directory (computing) Character (computing) Subroutine Unicode PATH (variable) Base32 Data compression String (computer science) Udhcpc List of DOS commands Errno.h Modprobe Unix shell SIGHUP

BusyBox

busybox.net/about.html

BusyBox BusyBox . , : The Swiss Army Knife of Embedded Linux. BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. BusyBox M K I provides a fairly complete environment for any small or embedded system.

BusyBox Utility software GNU Embedded system Linux on embedded systems Executable Unix Swiss Army knife Command (computing) Linux Linux kernel Software license Compile time Configuration file Modular programming Kernel (operating system) Command-line interface Software versioning GNU Core Utilities Program optimization

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report