High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-11-15	CVE-2021-42386	Use After Free vulnerability in multiple products A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function network low complexity busybox fedoraproject CWE-416	7.2
2021-03-19	CVE-2021-28831	Improper Handling of Exceptional Conditions vulnerability in multiple products decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. network low complexity busybox fedoraproject debian CWE-755	7.5
2019-01-09	CVE-2019-5747	Out-of-bounds Read vulnerability in multiple products An issue was discovered in BusyBox through 1.30.0. network low complexity busybox canonical CWE-125	7.5
2018-06-26	CVE-2018-1000517	Classic Buffer Overflow vulnerability in multiple products BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. network low complexity busybox debian canonical CWE-120	7.5
2017-11-20	CVE-2017-16544	Code Injection vulnerability in multiple products In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. network low complexity busybox debian vmware redlion canonical CWE-94	8.8
2017-02-09	CVE-2016-2148	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. network low complexity busybox debian canonical CWE-119	7.5
2016-12-09	CVE-2016-6301	Resource Management Errors vulnerability in Busybox The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop. network low complexity busybox CWE-399	7.8
2013-11-23	CVE-2013-1813	Permissions, Privileges, and Access Controls vulnerability in multiple products util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors. local low complexity redhat t-mobile busybox CWE-264	7.2