VYPR

rpm package

suse/busybox&distro=SUSE Linux Enterprise Module for Basesystem 15 SP4

pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4

Vulnerabilities (30)

  • CVE-2022-48174 (Aug 22, 2023)
    affected < 1.35.0-150400.3.11.1; fixed 1.35.0-150400.3.11.1

    There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

  • CVE-2022-30065 (May 18, 2022)
    affected < 1.35.0-150400.3.8.1; fixed 1.35.0-150400.3.8.1

    A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.

  • CVE-2021-42386 (Nov 15, 2021)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function

  • CVE-2021-42385 (Nov 15, 2021)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function

  • CVE-2021-42384 (Nov 15, 2021)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function

  • CVE-2021-42383 (Nov 15, 2021)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function

  • CVE-2021-42382 (Nov 15, 2021)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function

  • CVE-2021-42381 (Nov 15, 2021)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function

  • CVE-2021-42380 (Nov 15, 2021)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function

  • CVE-2021-42379 (Nov 15, 2021)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function

  • CVE-2021-42378 (Nov 15, 2021)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function

  • CVE-2021-42377 (Nov 15, 2021)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered c

  • CVE-2021-42376 (Nov 15, 2021)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.

  • CVE-2021-42375 (Nov 15, 2021)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.

  • CVE-2021-42374 (Nov 15, 2021)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that

  • CVE-2021-42373 (Nov 15, 2021)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given

  • CVE-2021-28831 (Mar 19, 2021)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

  • CVE-2019-5747 (Jan 9, 2019)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assura

  • CVE-2018-20679 (Jan 9, 2019)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in

  • CVE-2015-9261 (Jul 26, 2018)
    affected < 1.35.0-150400.3.3.1; fixed 1.35.0-150400.3.3.1

    huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.

Page 1 of 2