Known Vulnerabilities for products from Busybox
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Busybox".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
CVE | Shortened Description | Severity | Publish Date | Last Modified |
---|---|---|---|---|
CVE-2021-42386 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2022-01-04 |
CVE-2021-42385 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2022-01-04 |
CVE-2021-42384 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2022-01-04 |
CVE-2021-42383 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2022-01-04 |
CVE-2021-42382 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2022-01-04 |
CVE-2021-42381 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2022-01-04 |
CVE-2021-42380 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2022-01-04 |
CVE-2021-42379 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2022-01-04 |
CVE-2021-42378 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... | 7.2 - HIGH | 2021-11-15 | 2022-01-04 |
CVE-2021-42377 | An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when proc... | 9.8 - CRITICAL | 2021-11-15 | 2022-03-31 |
CVE-2021-42376 | A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due t... | 5.5 - MEDIUM | 2021-11-15 | 2022-03-31 |
CVE-2021-42375 | An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell... | 5.5 - MEDIUM | 2021-11-15 | 2022-03-31 |
CVE-2021-42374 | An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compr... | 5.3 - MEDIUM | 2021-11-15 | 2022-03-31 |
CVE-2021-42373 | A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page arg... | 5.5 - MEDIUM | 2021-11-15 | 2022-03-31 |
CVE-2021-28831 | decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant inv... | 7.5 - HIGH | 2021-03-19 | 2022-05-20 |
CVE-2019-5747 | An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, cl... | 7.5 - HIGH | 2019-01-09 | 2022-10-29 |
CVE-2018-1000517 | BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vuln... | 9.8 - CRITICAL | 2018-06-26 | 2021-02-18 |
CVE-2018-1000500 | Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary... | 8.1 - HIGH | 2018-06-26 | 2020-09-24 |
CVE-2018-20679 | An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, cli... | 7.5 - HIGH | 2019-01-09 | 2019-09-04 |
CVE-2017-16544 | In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to g... | 8.8 - HIGH | 2017-11-20 | 2022-10-28 |
Known software with vulnerabilities from Busybox
Type | Vendor | Product | Version |
---|---|---|---|
Application | Busybox | Busybox | - |
Popular searches for "Busybox"

BusyBox4Collection of Unix tools in a single executable file
BusyBox

BusyBox Andy Shevchenko modprobe: add support for modprobe.blacklist=module1,module2,... Audun-Marius Gangst: lineedit: fix unicode characters in prompt Christian Eggers: shell: fix "read -d ''" behavior ip: add support for "noprefixroute" option ip address: add support for "valid lft" and "preferred lft" options chrt: support for musl C library Cristian Ionescu-Idbohrn: fix warning: label 'out1' defined but not used Denys Vlasenko: avoid using strtok - eliminates use of hidden global variable use write str functions where appropriate fixes for Hurd build move ADJTIME PATH define to header files examples: remove /sbin/ prefixes, system should be configured with $PATH to find utilities build system: combat gcc zealotry in data alignment build system: make -static-libgcc selectable in config libbb: add and use infrastructure for fixed page size optimization libbb: bb do delay 3 -> pause after failed login , and stop looping there libbb: change decode base32/64 API to return the end of dst
Almquist shell BusyBox Command-line interface Shell (computing) Configure script Build automation Directory (computing) Character (computing) Subroutine Unicode PATH (variable) Base32 Data compression String (computer science) Udhcpc List of DOS commands Errno.h Modprobe Unix shell SIGHUP