A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-11-27
Updated
2023-11-30
A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-11-27
Updated
2023-11-30
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-11-27
Updated
2023-11-30
A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
Max CVSS
5.5
EPSS Score
0.04%
Published
2023-11-27
Updated
2023-11-30
An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.
Max CVSS
7.8
EPSS Score
0.06%
Published
2023-08-28
Updated
2023-09-07
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.
Max CVSS
9.8
EPSS Score
0.13%
Published
2023-08-22
Updated
2023-08-28
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
Max CVSS
7.8
EPSS Score
0.07%
Published
2022-05-18
Updated
2023-02-11
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.
Max CVSS
8.8
EPSS Score
1.13%
Published
2022-04-03
Updated
2022-08-11
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function
Max CVSS
7.2
EPSS Score
0.24%
Published
2021-11-15
Updated
2023-04-25
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
Max CVSS
9.8
EPSS Score
1.33%
Published
2021-11-15
Updated
2023-04-25
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-11-15
Updated
2023-04-25
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-11-15
Updated
2023-04-25
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that
Max CVSS
5.3
EPSS Score
0.12%
Published
2021-11-15
Updated
2023-04-25
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-11-15
Updated
2023-04-25
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
Max CVSS
7.5
EPSS Score
0.57%
Published
2021-03-19
Updated
2022-05-20
An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679.
Max CVSS
7.5
EPSS Score
0.85%
Published
2019-01-09
Updated
2022-10-29
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.
Max CVSS
9.8
EPSS Score
0.28%
Published
2018-06-26
Updated
2021-02-18
39 vulnerabilities found