Busybox

Busybox

42 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2018-1000500

  • EPSS 0.59%
  • Veröffentlicht 26.06.2018 16:29:00
  • Zuletzt bearbeitet 09.06.2025 16:15:27

Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://com...

8.8

CVE-2017-16544

Exploit
  • EPSS 1.41%
  • Veröffentlicht 20.11.2017 15:29:00
  • Zuletzt bearbeitet 09.06.2025 16:15:26

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the termin...

5.5

CVE-2017-15874

Exploit
  • EPSS 0.28%
  • Veröffentlicht 24.10.2017 20:29:00
  • Zuletzt bearbeitet 09.06.2025 16:15:26

archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.

5.5

CVE-2017-15873

Exploit
  • EPSS 0.14%
  • Veröffentlicht 24.10.2017 20:29:00
  • Zuletzt bearbeitet 09.06.2025 16:15:26

The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.

7.5

CVE-2011-5325

Exploit
  • EPSS 3.55%
  • Veröffentlicht 07.08.2017 17:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.

5.5

CVE-2014-9645

  • EPSS 0.32%
  • Veröffentlicht 12.03.2017 06:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or ...

9.8

CVE-2016-2148

Exploit
  • EPSS 16.07%
  • Veröffentlicht 09.02.2017 15:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.

7.5

CVE-2016-2147

Exploit
  • EPSS 2.39%
  • Veröffentlicht 09.02.2017 15:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.

7.8

CVE-2016-6301

  • EPSS 3.13%
  • Veröffentlicht 09.12.2016 20:59:01
  • Zuletzt bearbeitet 04.12.2025 17:15:50

The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.

7.2

CVE-2013-1813

Exploit
  • EPSS 0.09%
  • Veröffentlicht 23.11.2013 11:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.