Busybox

Busybox

41 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2021-42377

  • EPSS 1.86%
  • Veröffentlicht 15.11.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:41

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under...

5.5

CVE-2021-42375

  • EPSS 0.06%
  • Veröffentlicht 15.11.2021 21:15:07
  • Zuletzt bearbeitet 23.04.2025 20:15:33

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditi...

5.3

CVE-2021-42374

Exploit
  • EPSS 0.07%
  • Veröffentlicht 15.11.2021 21:15:07
  • Zuletzt bearbeitet 05.05.2025 17:17:27

An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that

5.5

CVE-2021-42373

  • EPSS 0.08%
  • Veröffentlicht 15.11.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:41

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given

7.5

CVE-2021-28831

  • EPSS 1.04%
  • Veröffentlicht 19.03.2021 05:15:13
  • Zuletzt bearbeitet 09.05.2025 20:15:36

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

7.5

CVE-2019-5747

Exploit
  • EPSS 0.42%
  • Veröffentlicht 09.01.2019 16:29:00
  • Zuletzt bearbeitet 09.06.2025 16:15:31

An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP mess...

7.5

CVE-2018-20679

Exploit
  • EPSS 12.39%
  • Veröffentlicht 09.01.2019 16:29:00
  • Zuletzt bearbeitet 09.06.2025 16:15:29

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This...

5.5

CVE-2015-9261

Exploit
  • EPSS 0.26%
  • Veröffentlicht 26.07.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 02:40:11

huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.

9.8

CVE-2018-1000517

  • EPSS 34.32%
  • Veröffentlicht 26.06.2018 16:29:01
  • Zuletzt bearbeitet 09.06.2025 16:15:28

BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectiv...

8.1

CVE-2018-1000500

  • EPSS 0.49%
  • Veröffentlicht 26.06.2018 16:29:00
  • Zuletzt bearbeitet 09.06.2025 16:15:27

Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://com...