1708 matches found
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: busybox: busybox-1.37.0-7.3.hum1 aarch64, x86_64; busybox-petitboot-1.37.0-7.3.hum1 aarch64, x86_64; busybox-shared-1.37.0-7.3.hum1 aarch64, x86_64; busybox-1.37.0-7.3.hum1.src src. Security Fixes:...
Astra Linux – Vulnerability in busybox
A use-after-free condition in Busybox’s awk applet leads to denial of service and potentially code execution when processing a crafted awk pattern in the getvar_i function...
Astra Linux – Vulnerability in busybox
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function...
Astra Linux – Vulnerability in busybox
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function...
Astra Linux – Vulnerability in busybox
An out-of-bounds heap read in Busybox’s unlzma applet leads to information leakage and denial of service when LZMA-compressed input is decompressed. This can be triggered by any applet/format that…...
Astra Linux – Vulnerability in busybox
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function...
Astra Linux – Vulnerability in busybox
A use-after-free condition in Busybox’s awk applet leads to denial of service and potentially code execution when processing a crafted awk pattern in the next_input_file function...
Astra Linux – Vulnerability in busybox
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...
Astra Linux – Vulnerability in busybox
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function...
Astra Linux – Vulnerability in busybox
A use-after-free in Busybox 1.35-x’s awk applet leads to denial of service and potentially code execution when processing a crafted awk pattern in the copyvar function...
Astra Linux – Vulnerability in busybox
There is a stack overflow vulnerability in ash.c:6030 in busybox before version 1.35. In the environment of the Internet of Vehicles, this vulnerability can lead to the execution of arbitrary code from commands...
Astra Linux – Vulnerability in busybox
The decompress_gunzip.c file in BusyBox contains an issue where version 1.32.1 improperly handles the error bit associated with the huft_build result pointer. This results in an invalid free operation or segmentation fault due to malformed gzip data...
Astra Linux – Vulnerability in busybox
Busybox contains a vulnerability related to SSL certificate validation. This vulnerability exists in the “busybox wget” applet, and it can lead to the execution of arbitrary code. This vulnerability appears to be exploitable by simply downloading any file over an HTTPS connection using “busybox...
Siemens RUGGEDCOM RST2428P Improper Access Control (CVE-2025-60876)
BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...
Siemens RUGGEDCOM RST2428P External Control of File Name or Path (CVE-2026-26157)
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...
Siemens RUGGEDCOM RST2428P External Control of File Name or Path (CVE-2026-26158)
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...
GHSA-XM63-5PJX-VRHP vulnerabilities
Vulnerabilities for packages: busybox...
CVE-2026-26157 vulnerabilities
Vulnerabilities for packages: busybox...
CVE-2026-26158 vulnerabilities
Vulnerabilities for packages: busybox...
GHSA-R8F8-4PGH-4M8V vulnerabilities
Vulnerabilities for packages: busybox...