Vulnerabilities > Busybox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-27 | CVE-2023-42364 | Use After Free vulnerability in Busybox 1.36.1 A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. | 5.5 |
| 2023-11-27 | CVE-2023-42365 | Use After Free vulnerability in Busybox 1.36.1 A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. | 5.5 |
| 2023-11-27 | CVE-2023-42366 | Out-of-bounds Write vulnerability in Busybox 1.36.1 A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. | 5.5 |
| 2023-11-27 | CVE-2023-42363 | Use After Free vulnerability in Busybox 1.36.1 A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. | 5.5 |
| 2021-11-15 | CVE-2021-42373 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given | 5.5 |
| 2021-11-15 | CVE-2021-42374 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. | 5.3 |
| 2021-11-15 | CVE-2021-42375 | An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. | 5.5 |
| 2021-11-15 | CVE-2021-42376 | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. | 5.5 |
| 2018-07-26 | CVE-2015-9261 | NULL Pointer Dereference vulnerability in multiple products huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. | 5.5 |
| 2017-10-24 | CVE-2017-15874 | Integer Underflow (Wrap or Wraparound) vulnerability in Busybox 1.27.2 archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. | 5.5 |