Unrated severityNVD Advisory· Published Apr 3, 2022· Updated Jun 9, 2025
CVE-2022-28391
CVE-2022-28391
Description
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.
Affected products
12- BusyBox/BusyBoxdescription
- osv-coords11 versionspkg:apk/chainguard/busyboxpkg:apk/chainguard/busybox-fullpkg:apk/wolfi/busyboxpkg:apk/wolfi/busybox-fullpkg:deb/ubuntu/busybox?arch=src?distro=esm-infra/bionicpkg:deb/ubuntu/busybox?arch=src?distro=esm-infra-legacy/trustypkg:deb/ubuntu/busybox?arch=src?distro=esm-infra/xenialpkg:deb/ubuntu/busybox?arch=src?distro=focalpkg:deb/ubuntu/busybox?arch=src?distro=jammypkg:deb/ubuntu/busybox?arch=src?distro=noblepkg:deb/ubuntu/busybox?arch=src?distro=oracular
< 1.35.0-r3+ 10 more
- (no CPE)range: < 1.35.0-r3
- (no CPE)range: < 1.35.0-r3
- (no CPE)range: < 1.35.0-r3
- (no CPE)range: < 1.35.0-r3
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- gitlab.alpinelinux.org/alpine/aports/-/issues/13661mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.