Busybox: >> Busybox >> 1.18.3 Security Vulnerabilities
The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.
CVSS Score
7.5
EPSS Score
0.031
Published
2016-12-09
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.
CVSS Score
7.2
EPSS Score
0.001
Published
2013-11-23
The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
CVSS Score
6.8
EPSS Score
0.007
Published
2012-07-03
Page 3