17 matches found
SUSE-SU-2026:2053-1 Security update for busybox
This update for busybox fixes the following issue - CVE-2026-29004: Heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c bsc1263989...
CVE-2025-46394
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences...
EulerOS 2.0 SP11 : busybox (EulerOS-SA-2025-1150)
According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.CVE-2023-42365 A...
EulerOS 2.0 SP11 : busybox (EulerOS-SA-2025-1131)
According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.CVE-2023-42365 A...
SUSE-SU-2023:3820-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2022-48174: Fixed stack overflow vulnerability. bsc1214538...
SUSE-SU-2022:4371-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2022-30065: Fixed use-after-free in the AWK applet bsc1199744. - CVE-2014-9645: Fixed loading of unwanted module with / in module names bsc914660. - Update to 1.35.0 also introduced: - awk: fix printf %%, fix read beyond end of buffer -...
SUSE-SU-2022:4260-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2014-9645: Fixed loading of unwanted module with / in module names bsc914660. - Enable switchroot With this change virtme --force-initramfs works as expected. - Enable udhcpc Update to 1.35.0: - awk: fix printf %%, fix read beyond end of...
SUSE-SU-2022:4253-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2014-9645: Fixed loading of unwanted modules with / bsc914660. - CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting bsc1069412. - CVE-2015-9261: Fixed huftbuild misuses a pointer, causing segfaults bsc1102912....
MGASA-2022-0135 Updated busybox packages fix security vulnerability
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. CVE-2022-28391...
SUSE-SU-2022:0135-2 Security update for busybox
This update for busybox fixes the following issues: - CVE-2011-5325: Fixed tar directory traversal bsc951562. - CVE-2015-9261: Fixed segfalts and application crashes in huftbuild bsc1102912. - CVE-2016-2147: Fixed out of bounds write heap due to integer underflow in udhcpc bsc970663. -...
SUSE-SU-2022:0135-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2011-5325: Fixed tar directory traversal bsc951562. - CVE-2015-9261: Fixed segfalts and application crashes in huftbuild bsc1102912. - CVE-2016-2147: Fixed out of bounds write heap due to integer underflow in udhcpc bsc970663. -...
OPENSUSE-SU-2022:0135-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2011-5325: Fixed tar directory traversal bsc951562. - CVE-2015-9261: Fixed segfalts and application crashes in huftbuild bsc1102912. - CVE-2016-2147: Fixed out of bounds write heap due to integer underflow in udhcpc bsc970663. -...
MGASA-2021-0533 Updated busybox packages fix security vulnerability
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. CVE-2021-42376 An attacker-controlled...
OPENSUSE-SU-2021:1408-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data bsc1184522. - CVE-2018-20679: Fixed out of bounds read in udhcp bsc1121426. - CVE-2018-1000517: Fixed buffer overflow in the retrievefiledata bsc1099260. -...
SUSE-SU-2021:3531-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data bsc1184522. - CVE-2018-20679: Fixed out of bounds read in udhcp bsc1121426. - CVE-2018-1000517: Fixed buffer overflow in the retrievefiledata bsc1099260. -...
CVE-2018-20679
An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components consumed by the DHCP server, client, and relay allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcpgetoption in...
MGASA-2013-0358 Updated busybox package fixes security vulnerability
It was found that the mdev BusyBox utility could create certain directories within /dev with world-writable permissions. A local unprivileged user could use this flaw to manipulate portions of the /dev directory tree CVE-2013-1813...