RSS   Vulnerabilities for 'Busybox'   RSS

2021-11-15
 
CVE-2021-42373

CWE-476
 

 
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given

 
 
CVE-2021-42374

CWE-125
 

 
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that

 
 
CVE-2021-42375

NVD-CWE-Other
 

 
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.

 
 
CVE-2021-42376

CWE-476
 

 
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.

 
 
CVE-2021-42377

CWE-763
 

 
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.

 
 
CVE-2021-42378

CWE-416
 

 
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function

 
 
CVE-2021-42379

CWE-416
 

 
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function

 
 
CVE-2021-42380

CWE-416
 

 
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function

 
 
CVE-2021-42381

CWE-416
 

 
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function

 
 
CVE-2021-42382

CWE-416
 

 
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function

 


Copyright 2024, cxsecurity.com

 

Back to Top