Search CVE reports
1 – 10 of 51 results
(A heap overflow in the evalcommand() function (shell/ash.c) of Busybox ...)
1 affected package
busybox
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| busybox | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
(A heap overflow in the ifsbreakup() function (shell/ash.c) of Busybox ...)
1 affected package
busybox
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| busybox | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
(A use-after-free in the awk_sub() function (editors/awk.c) of Busybox ...)
1 affected package
busybox
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| busybox | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
(A stack overflow in the evaluate() function (editors/awk.c) of BusyBox ...)
1 affected package
busybox
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| busybox | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attackers to trigger memory...
1 affected package
busybox
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| busybox | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar...
1 affected package
busybox
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| busybox | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the...
1 affected package
busybox
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| busybox | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the...
1 affected package
busybox
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| busybox | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.
1 affected package
busybox
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| busybox | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
1 affected package
busybox
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| busybox | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |