Busybox: >> Busybox >> 1.36.1 Security Vulnerabilities
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
CVSS Score
3.2
EPSS Score
0.0
Published
2025-04-23
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-11-27
A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-11-27
A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-11-27
A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-11-27
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-08-22