Ubuntu USN-5179-1
Dec 07, 2021 - 12:00 a.m.

BusyBox vulnerabilities

Source: ubuntu.com

CVSS3: 7.5 High

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 8.1 High (Confidence: Low)

CVSS2: 6.5 Medium

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.006 Low (Percentile: 77.3%)

Releases

  • Ubuntu 21.10
  • Ubuntu 21.04
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 ESM

Packages

  • busybox - Tiny utilities for small and embedded systems

Details

It was discovered that BusyBox incorrectly handled certain malformed gzip
archives. If a user or automated system were tricked into processing a
specially crafted gzip archive, a remote attacker could use this issue to
cause BusyBox to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-28831)

It was discovered that BusyBox incorrectly handled certain malformed LZMA
archives. If a user or automated system were tricked into processing a
specially crafted LZMA archive, a remote attacker could use this issue to
cause BusyBox to crash, resulting in a denial of service, or possibly
leak sensitive information. (CVE-2021-42374)

Vera Mens, Uri Katz, Tal Keren, Sharon Brizinov, and Shachar Menashe
discovered that BusyBox incorrectly handled certain awk patterns. If a user
or automated system were tricked into processing a specially crafted awk
pattern, a remote attacker could use this issue to cause BusyBox to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381,
CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386)

OS      OS Version  Architecture  Package                   Package Version         Filename
Ubuntu  21.10       noarch        busybox                   < 1:1.30.1-6ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        busybox-dbgsym            < 1:1.30.1-6ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        busybox-initramfs         < 1:1.30.1-6ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        busybox-initramfs-dbgsym  < 1:1.30.1-6ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        busybox-static            < 1:1.30.1-6ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        busybox-static-dbgsym     < 1:1.30.1-6ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        busybox-syslogd           < 1:1.30.1-6ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        udhcpc                    < 1:1.30.1-6ubuntu3.1   UNKNOWN
Ubuntu  21.10       noarch        udhcpd                    < 1:1.30.1-6ubuntu3.1   UNKNOWN
Ubuntu  21.04       noarch        busybox                   < 1:1.30.1-6ubuntu2.1   UNKNOWN

Rows 1-10 of 381 shown.
