Vulnerabilities > Busybox > Busybox > 1.7.0

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2022-48174 Out-of-bounds Write vulnerability in Busybox
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35.
network
low complexity
busybox CWE-787
critical
9.8
2022-04-03 CVE-2022-28391 Unspecified vulnerability in Busybox
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal.
network
busybox
6.8
2019-01-09 CVE-2019-5747 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in BusyBox through 1.30.0.
network
low complexity
busybox canonical CWE-125
7.5
2019-01-09 CVE-2018-20679 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in BusyBox before 1.30.0.
network
low complexity
busybox canonical CWE-125
5.0
2018-07-26 CVE-2015-9261 NULL Pointer Dereference vulnerability in multiple products
huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.
local
low complexity
busybox debian canonical CWE-476
5.5
2018-06-26 CVE-2018-1000517 Classic Buffer Overflow vulnerability in multiple products
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow.
network
low complexity
busybox debian canonical CWE-120
7.5
2018-06-26 CVE-2018-1000500 Improper Certificate Validation vulnerability in Busybox
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution.
network
busybox CWE-295
6.8
2017-11-20 CVE-2017-16544 Code Injection vulnerability in multiple products
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal.
network
low complexity
busybox debian vmware redlion canonical CWE-94
8.8
2017-08-07 CVE-2011-5325 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.
network
low complexity
busybox debian canonical CWE-22
5.0
2017-03-12 CVE-2014-9645 Improper Input Validation vulnerability in Busybox
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command.
local
low complexity
busybox CWE-20
2.1