Vulnerabilities > Busybox > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-27 CVE-2023-42364 Use After Free vulnerability in Busybox 1.36.1
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.
local
low complexity
busybox CWE-416
5.5
2023-11-27 CVE-2023-42365 Use After Free vulnerability in Busybox 1.36.1
A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
local
low complexity
busybox CWE-416
5.5
2023-11-27 CVE-2023-42366 Out-of-bounds Write vulnerability in Busybox 1.36.1
A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.
local
low complexity
busybox CWE-787
5.5
2023-11-27 CVE-2023-42363 Use After Free vulnerability in Busybox 1.36.1
A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
local
low complexity
busybox CWE-416
5.5
2022-04-03 CVE-2022-28391 Unspecified vulnerability in Busybox
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal.
network
busybox
6.8
2021-11-15 CVE-2021-42373 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
local
low complexity
busybox fedoraproject netapp CWE-476
5.5
2021-11-15 CVE-2021-42374 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed.
local
high complexity
busybox fedoraproject netapp CWE-125
5.3
2021-11-15 CVE-2021-42375 An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters.
local
low complexity
busybox fedoraproject netapp
5.5
2021-11-15 CVE-2021-42376 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character.
local
low complexity
busybox fedoraproject netapp CWE-476
5.5
2019-01-09 CVE-2018-20679 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in BusyBox before 1.30.0.
network
low complexity
busybox canonical CWE-125
5.0