Vulnerabilities > Busybox > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-15 | CVE-2021-42386 | Use After Free vulnerability in multiple products A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function | 7.2 |
2021-03-19 | CVE-2021-28831 | Improper Handling of Exceptional Conditions vulnerability in multiple products decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. | 7.5 |
2019-01-09 | CVE-2019-5747 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in BusyBox through 1.30.0. | 7.5 |
2018-06-26 | CVE-2018-1000517 | Classic Buffer Overflow vulnerability in multiple products BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. | 7.5 |
2017-11-20 | CVE-2017-16544 | Code Injection vulnerability in multiple products In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. | 8.8 |
2017-02-09 | CVE-2016-2148 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. | 7.5 |
2016-12-09 | CVE-2016-6301 | Resource Management Errors vulnerability in Busybox The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop. | 7.8 |
2013-11-23 | CVE-2013-1813 | Permissions, Privileges, and Access Controls vulnerability in multiple products util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors. | 7.2 |