Busybox: >> Busybox >> 1.33.2 Security Vulnerabilities
An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-08-28
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-08-22
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.
CVSS Score
8.8
EPSS Score
0.072
Published
2022-04-03
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-11-15