Vulnerabilities > CVE-2022-30065 - Use After Free vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

busybox

siemens

CWE-416

NVD

Published: 2022-05-18

Updated: 2023-02-11

Summary

A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.

Vulnerable Configurations

Part	Description	Count
Application	Busybox Busybox Busybox 1.35.0	1
OS	Siemens Siemens Scalance Sc622 2C Firmware - Siemens Scalance Sc622 2C Firmware 2.3 Siemens Scalance Sc626 2C Firmware - Siemens Scalance Sc626 2C Firmware 2.3 Siemens Scalance Sc632 2C Firmware - Siemens Scalance Sc632 2C Firmware 2.3 Siemens Scalance Sc636 2C Firmware - Siemens Scalance Sc636 2C Firmware 2.3 Siemens Scalance Sc642 2C Firmware - Siemens Scalance Sc642 2C Firmware 2.3 Siemens Scalance Sc646 2C Firmware - Siemens Scalance Sc646 2C Firmware 2.3	12
Hardware	Siemens Siemens Scalance Sc622 2C - Siemens Scalance Sc626 2C - Siemens Scalance Sc632 2C - Siemens Scalance Sc636 2C - Siemens Scalance Sc642 2C - Siemens Scalance Sc646 2C -	6

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References