Known Vulnerabilities for products from Busybox
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Busybox".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-42386 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2023-11-07 |
| CVE-2021-42385 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2023-11-07 |
| CVE-2021-42384 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2023-11-07 |
| CVE-2021-42383 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2023-11-07 |
| CVE-2021-42382 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2023-11-07 |
| CVE-2021-42381 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2023-11-07 |
| CVE-2021-42380 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2023-11-07 |
| CVE-2021-42379 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2023-11-07 |
| CVE-2021-42378 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2023-11-07 |
| CVE-2021-42377 | An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when proc... | 9.8 - CRITICAL | 2021-11-15 | 2023-11-07 |
| CVE-2021-42376 | A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due t... | 5.5 - MEDIUM | 2021-11-15 | 2023-11-07 |
| CVE-2021-42375 | An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell... | 5.5 - MEDIUM | 2021-11-15 | 2023-11-07 |
| CVE-2021-42374 | An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compr... | 5.3 - MEDIUM | 2021-11-15 | 2023-11-07 |
| CVE-2021-42373 | A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page arg... | 5.5 - MEDIUM | 2021-11-15 | 2023-11-07 |
| CVE-2021-28831 | decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant inv... | 7.5 - HIGH | 2021-03-19 | 2023-11-07 |
| CVE-2019-5747 | An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, cl... | 7.5 - HIGH | 2019-01-09 | 2022-10-29 |
| CVE-2018-1000517 | BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vuln... | 9.8 - CRITICAL | 2018-06-26 | 2021-02-18 |
| CVE-2018-1000500 | Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary... | 8.1 - HIGH | 2018-06-26 | 2020-09-24 |
| CVE-2018-20679 | An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, cli... | 7.5 - HIGH | 2019-01-09 | 2019-09-04 |
| CVE-2017-16544 | In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to g... | 8.8 - HIGH | 2017-11-20 | 2022-10-28 |
Known software with vulnerabilities from Busybox
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Busybox | Busybox | - |