Vulnerabilities > Busybox > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-15 CVE-2021-42386 Use After Free vulnerability in multiple products
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function
network
low complexity
busybox fedoraproject CWE-416
7.2
2021-03-19 CVE-2021-28831 Improper Handling of Exceptional Conditions vulnerability in multiple products
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
network
low complexity
busybox fedoraproject debian CWE-755
7.5
2019-01-09 CVE-2019-5747 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in BusyBox through 1.30.0.
network
low complexity
busybox canonical CWE-125
7.5
2018-06-26 CVE-2018-1000517 Classic Buffer Overflow vulnerability in multiple products
BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow.
network
low complexity
busybox debian canonical CWE-120
7.5
2017-11-20 CVE-2017-16544 Code Injection vulnerability in multiple products
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal.
network
low complexity
busybox debian vmware redlion canonical CWE-94
8.8
2017-02-09 CVE-2016-2148 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.
network
low complexity
busybox debian canonical CWE-119
7.5
2016-12-09 CVE-2016-6301 Resource Management Errors vulnerability in Busybox
The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.
network
low complexity
busybox CWE-399
7.8
2013-11-23 CVE-2013-1813 Permissions, Privileges, and Access Controls vulnerability in multiple products
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.
local
low complexity
redhat t-mobile busybox CWE-264
7.2