Known Vulnerabilities for products from Busybox

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Busybox".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-42386 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... 7.2 - HIGH 2021-11-15 2022-01-04
CVE-2021-42385 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... 7.2 - HIGH 2021-11-15 2022-01-04
CVE-2021-42384 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... 7.2 - HIGH 2021-11-15 2022-01-04
CVE-2021-42383 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... 7.2 - HIGH 2021-11-15 2022-01-04
CVE-2021-42382 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... 7.2 - HIGH 2021-11-15 2022-01-04
CVE-2021-42381 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... 7.2 - HIGH 2021-11-15 2022-01-04
CVE-2021-42380 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... 7.2 - HIGH 2021-11-15 2022-01-04
CVE-2021-42379 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... 7.2 - HIGH 2021-11-15 2022-01-04
CVE-2021-42378 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk... 7.2 - HIGH 2021-11-15 2022-01-04
CVE-2021-42377 An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when proc... 9.8 - CRITICAL 2021-11-15 2022-03-31
CVE-2021-42376 A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due t... 5.5 - MEDIUM 2021-11-15 2022-03-31
CVE-2021-42375 An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell... 5.5 - MEDIUM 2021-11-15 2022-03-31
CVE-2021-42374 An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compr... 5.3 - MEDIUM 2021-11-15 2022-03-31
CVE-2021-42373 A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page arg... 5.5 - MEDIUM 2021-11-15 2022-03-31
CVE-2021-28831 decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant inv... 7.5 - HIGH 2021-03-19 2022-05-20
CVE-2019-5747 An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, cl... 7.5 - HIGH 2019-01-09 2022-10-29
CVE-2018-1000517 BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vuln... 9.8 - CRITICAL 2018-06-26 2021-02-18
CVE-2018-1000500 Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary... 8.1 - HIGH 2018-06-26 2020-09-24
CVE-2018-20679 An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, cli... 7.5 - HIGH 2019-01-09 2019-09-04
CVE-2017-16544 In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to g... 8.8 - HIGH 2017-11-20 2022-10-28
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Busybox

Type Vendor Product Version
ApplicationBusyboxBusybox-

Popular searches for "Busybox"

BusyBox4Collection of Unix tools in a single executable file

BusyBox is a software suite that provides several Unix utilities in a single executable file. It runs in a variety of POSIX environments such as Linux, Android, and FreeBSD, although many of the tools it provides are designed to work with interfaces provided by the Linux kernel. It was specifically created for embedded operating systems with very limited resources.

BusyBox

www.busybox.net

BusyBox Andy Shevchenko modprobe: add support for modprobe.blacklist=module1,module2,... Audun-Marius Gangst: lineedit: fix unicode characters in prompt Christian Eggers: shell: fix "read -d ''" behavior ip: add support for "noprefixroute" option ip address: add support for "valid lft" and "preferred lft" options chrt: support for musl C library Cristian Ionescu-Idbohrn: fix warning: label 'out1' defined but not used Denys Vlasenko: avoid using strtok - eliminates use of hidden global variable use write str functions where appropriate fixes for Hurd build move ADJTIME PATH define to header files examples: remove /sbin/ prefixes, system should be configured with $PATH to find utilities build system: combat gcc zealotry in data alignment build system: make -static-libgcc selectable in config libbb: add and use infrastructure for fixed page size optimization libbb: bb do delay 3 -> pause after failed login , and stop looping there libbb: change decode base32/64 API to return the end of dst

Almquist shell BusyBox Command-line interface Shell (computing) Configure script Build automation Directory (computing) Character (computing) Subroutine Unicode PATH (variable) Base32 Data compression String (computer science) Udhcpc List of DOS commands Errno.h Modprobe Unix shell SIGHUP

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report