Vulnerabilities > Busybox > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2022-48174 Out-of-bounds Write vulnerability in Busybox
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35.
network
low complexity
busybox CWE-787
critical
9.8
2021-11-15 CVE-2021-42377 Release of Invalid Pointer or Reference vulnerability in multiple products
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string.
network
low complexity
busybox fedoraproject netapp CWE-763
critical
9.8
2018-06-26 CVE-2018-1000517 Classic Buffer Overflow vulnerability in multiple products
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow.
network
low complexity
busybox debian canonical CWE-120
critical
9.8
2017-02-09 CVE-2016-2148 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.
network
low complexity
busybox debian canonical CWE-119
critical
9.8