Vulnerabilities in busybox
16 resultsCVE-2021-42377—An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafteEPSS 3.4%CVE-2021-42380HIGHA use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in theEPSS 2.9%CVE-2021-42379HIGHA use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in theEPSS 2.7%CVE-2021-42381HIGHA use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in theEPSS 2.7%CVE-2021-42385HIGHA use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in theEPSS 2.7%CVE-2021-42386HIGHA use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in theEPSS 2.6%CVE-2021-42382HIGHA use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in theEPSS 2.6%CVE-2021-42378HIGHA use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in theEPSS 2.6%CVE-2021-42384HIGHA use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in theEPSS 2.6%CVE-2021-42383HIGHA use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in theEPSS 2.1%CVE-2021-42374MEDIUMAn out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is EPSS 0.6%CVE-2021-42376—A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validEPSS 0.4%CVE-2021-42375MEDIUMAn incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due tEPSS 0.4%CVE-2021-42373—A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is givenEPSS 0.4%CVE-2024-58251LOWIn netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequeEPSS 0.2%CVE-2025-46394LOWIn tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.EPSS 0.1%