Alpine/busybox — 33 CVEs · VulnScope

pkg:Alpine/busybox

33 total CVEsCRITICAL3HIGH18MEDIUM10LOW2

✅ Check your installed version

All known vulnerabilities

CRITICAL9.8CVE-2022-48174There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35.
from 0, < 1.36.1-r1
CRITICAL9.8CVE-2021-42377An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a craft…
from 0, < 0
CRITICAL9.8Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vect…
from 0, < 1.24.2-r0
HIGH8.8BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compa…
from 0, < 1.31.1-r22
HIGH8.8In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of f…
from 0, < 1.27.2-r4
HIGH8.1Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code executio…
from 0, < 1.28.3-r2
HIGH7.8A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk patter…
from 0, < 1.32.1-r9
HIGH7.5busybox - security update
from 0, < 1.30.1-r5
HIGH7.5An issue was discovered in BusyBox through 1.30.0.
from 0, < 1.30.1-r2
HIGH7.5An issue was discovered in BusyBox before 1.30.0.
from 0, < 1.29.3-r10
HIGH7.5Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a ma…
from 0, < 1.24.2-r0
HIGH7.5The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and band…
from 0, < 1.24.2-r1
HIGH7.2A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
from 0, < 1.31.1-r11
HIGH7.2A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
from 0, < 1.31.1-r11
HIGH7.2A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
from 0, < 1.31.1-r11
HIGH7.2A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
from 0, < 1.31.1-r11
HIGH7.2A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
from 0, < 1.31.1-r11
HIGH7.2A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
from 0, < 1.31.1-r11
HIGH7.2A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
from 0, < 1.31.1-r11
HIGH7.2A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
from 0, < 1.31.1-r11
HIGH7.2A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
from 0, < 1.31.1-r11
MEDIUM5.5A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.
from 0, < 1.35.0-r18
MEDIUM5.5A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
from 0, < 1.35.0-r31
MEDIUM5.5A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c eva…
from 0, < 1.35.0-r31
MEDIUM5.5A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
from 0, < 1.35.0-r31
MEDIUM5.5A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing vali…
from 0, < 0
MEDIUM5.5An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due…
from 0, < 0
MEDIUM5.5A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
from 0, < 0
MEDIUM5.5archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.
from 0, < 1.27.2-r4
MEDIUM5.5The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write…
from 0, < 1.27.2-r4
MEDIUM5.3An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is…
from 0, < 1.31.1-r11
LOW3.3In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
from 0, < 1.36.1-r21
LOW2.5In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequ…
from 0, < 1.36.1-r21