A use-after-free in Busyboxβs awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function
[
{
"vendor": "busybox",
"product": "busybox",
"versions": [
{
"version": "unspecified",
"lessThan": "1.34.0",
"status": "affected",
"versionType": "custom"
}
]
}
]
claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog
jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
security.netapp.com/advisory/ntap-20211223-0002/