VYPR

Busybox

by Busybox

Source repositories

CVEs (46)

  • CVE-2021-42382Nov 15, 2021
    risk 0.00cvss epss 0.03

    A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function

  • CVE-2021-28831Mar 19, 2021
    risk 0.00cvss epss 0.03

    decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

  • CVE-2019-5747Jan 9, 2019
    risk 0.00cvss epss 0.05

    An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to…

  • CVE-2013-1813Nov 23, 2013
    risk 0.00cvss epss 0.01

    util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.

  • CVE-2011-2716Jul 3, 2012
    risk 0.00cvss epss 0.02

    The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.

  • CVE-2006-5050Sep 27, 2006
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI.

Page 3 of 3