Vulnerabilities > Busybox

DATE CVE VULNERABILITY TITLE RISK
2021-11-15 CVE-2021-42375 An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters.
local
low complexity
busybox fedoraproject netapp
5.5
2021-11-15 CVE-2021-42376 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character.
local
low complexity
busybox fedoraproject netapp CWE-476
5.5
2021-11-15 CVE-2021-42377 Release of Invalid Pointer or Reference vulnerability in multiple products
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string.
network
low complexity
busybox fedoraproject netapp CWE-763
critical
9.8
2021-11-15 CVE-2021-42378 Use After Free vulnerability in multiple products
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function
network
low complexity
busybox fedoraproject CWE-416
7.2
2021-11-15 CVE-2021-42379 Use After Free vulnerability in multiple products
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function
network
low complexity
busybox fedoraproject CWE-416
7.2
2021-11-15 CVE-2021-42380 Use After Free vulnerability in multiple products
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function
network
low complexity
busybox fedoraproject CWE-416
7.2
2021-11-15 CVE-2021-42381 Use After Free vulnerability in multiple products
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function
network
low complexity
busybox fedoraproject CWE-416
7.2
2021-11-15 CVE-2021-42382 Use After Free vulnerability in multiple products
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function
network
low complexity
busybox fedoraproject CWE-416
7.2
2021-11-15 CVE-2021-42383 Use After Free vulnerability in multiple products
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
network
low complexity
busybox fedoraproject CWE-416
7.2
2021-11-15 CVE-2021-42384 Use After Free vulnerability in multiple products
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function
network
low complexity
busybox fedoraproject CWE-416
7.2