BusyBox 1.32.1

CPE Details

BusyBox 1.32.1
busybox
busybox
1.32.1
2021-03-19
15h45 +00:00
2021-04-06
18h04 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:busybox:busybox:1.32.1:*:*:*:*:*:*:*

Informations

Vendor

busybox

Product

busybox

Version

1.32.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-48174 2023-08-21 22h00 +00:00 There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.
9.8
Critical
CVE-2022-28391 2022-04-03 18h20 +00:00 BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.
8.8
High
CVE-2021-42378 2021-11-15 00h00 +00:00 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function
7.2
High
CVE-2021-42379 2021-11-15 00h00 +00:00 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function
7.2
High
CVE-2021-42380 2021-11-15 00h00 +00:00 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function
7.2
High
CVE-2021-42381 2021-11-15 00h00 +00:00 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function
7.2
High
CVE-2021-42382 2021-11-15 00h00 +00:00 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function
7.2
High
CVE-2021-42384 2021-11-15 00h00 +00:00 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function
7.2
High
CVE-2021-42385 2021-11-15 00h00 +00:00 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
7.2
High
CVE-2021-42386 2021-11-15 00h00 +00:00 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function
7.2
High
CVE-2021-42374 2021-11-14 23h00 +00:00 An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that
5.3
Medium
CVE-2021-42376 2021-11-14 23h00 +00:00 A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
5.5
Medium
CVE-2021-28831 2021-03-19 03h01 +00:00 decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.