Busybox
by Busybox
CVEs (46)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-42382 | | | 0.00 | — | 0.03 | | Nov 15, 2021 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function |
| CVE-2021-28831 | | | 0.00 | — | 0.03 | | Mar 19, 2021 | decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. |
| CVE-2019-5747 | | | 0.00 | — | 0.05 | | Jan 9, 2019 | An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to… |
| CVE-2013-1813 | | | 0.00 | — | 0.01 | | Nov 23, 2013 | util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors. |
| CVE-2011-2716 | | | 0.00 | — | 0.02 | | Jul 3, 2012 | The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options. |
| CVE-2006-5050 | | | 0.00 | — | 0.02 | | Sep 27, 2006 | Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI. |
Page 3 of 3