VYPR

hush

by Busybox

CVEs (2)

  • CVE-2021-42377CriNov 15, 2021
    risk 0.64cvss 9.8epss 0.03

    An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered…

  • CVE-2021-42376MedNov 15, 2021
    risk 0.36cvss 5.5epss 0.00

    A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.