Vulnerabilities > Busybox
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-27 | CVE-2023-42364 | Use After Free vulnerability in Busybox 1.36.1 A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. | 5.5 |
2023-11-27 | CVE-2023-42365 | Use After Free vulnerability in Busybox 1.36.1 A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. | 5.5 |
2023-11-27 | CVE-2023-42366 | Out-of-bounds Write vulnerability in Busybox 1.36.1 A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. | 5.5 |
2023-11-27 | CVE-2023-42363 | Use After Free vulnerability in Busybox 1.36.1 A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. | 5.5 |
2023-08-28 | CVE-2023-39810 | Path Traversal vulnerability in Busybox 1.30.1/1.33.2 An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal. | 7.8 |
2023-08-22 | CVE-2022-48174 | Out-of-bounds Write vulnerability in Busybox There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. | 9.8 |
2022-05-18 | CVE-2022-30065 | Use After Free vulnerability in multiple products A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. | 7.8 |
2022-04-03 | CVE-2022-28391 | Unspecified vulnerability in Busybox BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. | 8.8 |
2021-11-15 | CVE-2021-42373 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given | 5.5 |
2021-11-15 | CVE-2021-42374 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. | 5.3 |