rpm package
suse/busybox&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
Vulnerabilities (29)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-48174 | — | | | < 1.35.0-150000.4.20.1 | 1.35.0-150000.4.20.1 | Aug 22, 2023 | There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. |
| CVE-2021-42386 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Nov 15, 2021 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function |
| CVE-2021-42385 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Nov 15, 2021 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function |
| CVE-2021-42384 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Nov 15, 2021 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function |
| CVE-2021-42383 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Nov 15, 2021 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function |
| CVE-2021-42382 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Nov 15, 2021 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function |
| CVE-2021-42381 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Nov 15, 2021 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function |
| CVE-2021-42380 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Nov 15, 2021 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function |
| CVE-2021-42379 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Nov 15, 2021 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function |
| CVE-2021-42378 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Nov 15, 2021 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function |
| CVE-2021-42377 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Nov 15, 2021 | An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered c |
| CVE-2021-42376 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Nov 15, 2021 | A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. |
| CVE-2021-42375 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Nov 15, 2021 | An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. |
| CVE-2021-42374 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Nov 15, 2021 | An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that |
| CVE-2021-42373 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Nov 15, 2021 | A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given |
| CVE-2021-28831 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Mar 19, 2021 | decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. |
| CVE-2019-5747 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Jan 9, 2019 | An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assura |
| CVE-2018-20679 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Jan 9, 2019 | An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in |
| CVE-2015-9261 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Jul 26, 2018 | huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. |
| CVE-2018-1000517 | — | | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Jun 26, 2018 | BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appear |
Page 1 of 2