Busybox

Busybox

42 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2021-42378

  • EPSS 0.24%
  • Veröffentlicht 15.11.2021 21:15:07
  • Zuletzt bearbeitet 03.11.2025 21:15:44

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function

5.5

CVE-2021-42376

  • EPSS 0.05%
  • Veröffentlicht 15.11.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:41

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered comman...

5.5

CVE-2021-42375

  • EPSS 0.06%
  • Veröffentlicht 15.11.2021 21:15:07
  • Zuletzt bearbeitet 23.04.2025 20:15:33

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditi...

5.3

CVE-2021-42374

Exploit
  • EPSS 0.05%
  • Veröffentlicht 15.11.2021 21:15:07
  • Zuletzt bearbeitet 03.11.2025 21:15:43

An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that

5.5

CVE-2021-42373

  • EPSS 0.08%
  • Veröffentlicht 15.11.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:41

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given

7.5

CVE-2021-28831

  • EPSS 1.02%
  • Veröffentlicht 19.03.2021 05:15:13
  • Zuletzt bearbeitet 03.11.2025 21:15:40

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

7.5

CVE-2019-5747

Exploit
  • EPSS 0.37%
  • Veröffentlicht 09.01.2019 16:29:00
  • Zuletzt bearbeitet 09.06.2025 16:15:31

An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP mess...

7.5

CVE-2018-20679

Exploit
  • EPSS 9.59%
  • Veröffentlicht 09.01.2019 16:29:00
  • Zuletzt bearbeitet 09.06.2025 16:15:29

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This...

5.5

CVE-2015-9261

Exploit
  • EPSS 0.6%
  • Veröffentlicht 26.07.2018 19:29:00
  • Zuletzt bearbeitet 21.11.2024 02:40:11

huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.

9.8

CVE-2018-1000517

  • EPSS 34.24%
  • Veröffentlicht 26.06.2018 16:29:01
  • Zuletzt bearbeitet 09.06.2025 16:15:28

BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectiv...