Vulnerabilities > Busybox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-18 | CVE-2022-30065 | Use After Free vulnerability in multiple products A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. | 7.8 |
| 2022-04-03 | CVE-2022-28391 | Unspecified vulnerability in Busybox BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. network busybox | 6.8 |
| 2021-11-15 | CVE-2021-42373 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given | 5.5 |
| 2021-11-15 | CVE-2021-42374 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. | 5.3 |
| 2021-11-15 | CVE-2021-42375 | An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. | 5.5 |
| 2021-11-15 | CVE-2021-42376 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. | 5.5 |
| 2021-11-15 | CVE-2021-42377 | Release of Invalid Pointer or Reference vulnerability in multiple products An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. | 9.8 |
| 2021-11-15 | CVE-2021-42378 | Use After Free vulnerability in multiple products A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function | 7.2 |
| 2021-11-15 | CVE-2021-42379 | Use After Free vulnerability in multiple products A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function | 7.2 |
| 2021-11-15 | CVE-2021-42380 | Use After Free vulnerability in multiple products A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function | 7.2 |