Lucene search

K

JFROGCVELIST:CVE-2021-42377

HistoryNov 15, 2021 - 12:00 a.m.

CVE-2021-42377

2021-11-1500:00:00

CWE-590

JFROG

www.cve.org

1

9.8 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.2%

An attacker-controlled pointer free in Busybox’s hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.

CNA Affected

[
  {
    "vendor": "busybox",
    "product": "busybox",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.34.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog

jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/

security.netapp.com/advisory/ntap-20211223-0002/

9.8 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.2%

Related for CVELIST:CVE-2021-42377

ubuntucve1 veracode1 cve1 cnvd1 alpinelinux1 debiancve1 prion1 redhatcve1 nvd1 osv1 openvas9 mageia1 nessus7 fedora2 thn1 ics3 suse1 avleonov1