Lucene search

K
cvelistJFROGCVELIST:CVE-2021-42377
HistoryNov 15, 2021 - 12:00 a.m.

CVE-2021-42377

2021-11-1500:00:00
CWE-590
JFROG
www.cve.org
1

9.8 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.2%

An attacker-controlled pointer free in Busybox’s hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.

CNA Affected

[
  {
    "vendor": "busybox",
    "product": "busybox",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.34.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

9.8 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.2%