Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
busybox busybox

Version unspecified

OTHER 14 CVEs

Known Vulnerabilities

CVE-2021-42379

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function

UNKNOWN CVSS 7.2 Published Nov 15, 2021

CVE-2021-42377

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.

UNKNOWN Published Nov 15, 2021

CVE-2021-42384

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function

UNKNOWN CVSS 7.2 Published Nov 15, 2021

CVE-2021-42386

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function

UNKNOWN CVSS 7.2 Published Nov 15, 2021

CVE-2021-42381

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function

UNKNOWN CVSS 7.2 Published Nov 15, 2021

CVE-2021-42373

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given

UNKNOWN Published Nov 15, 2021

CVE-2021-42375

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.

UNKNOWN CVSS 5.5 Published Nov 15, 2021

CVE-2021-42376

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.

UNKNOWN Published Nov 15, 2021

CVE-2021-42374

An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that

UNKNOWN CVSS 5.3 Published Nov 15, 2021

CVE-2021-42378

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function

UNKNOWN CVSS 7.2 Published Nov 15, 2021

CVE-2021-42383

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function

UNKNOWN CVSS 7.2 Published Nov 15, 2021

CVE-2021-42382

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function

UNKNOWN CVSS 7.2 Published Nov 15, 2021

CVE-2021-42380

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function

UNKNOWN CVSS 7.2 Published Nov 15, 2021

CVE-2021-42385

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function

UNKNOWN CVSS 7.2 Published Nov 15, 2021