Ubuntu.comUB:CVE-2023-42364CVE-2023-42364
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.9%
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to
cause a denial of service via a crafted awk pattern in the awk.c evaluate
function.
Bugs
- <https://bugs.busybox.net/show_bug.cgi?id=15868>
- <https://bugs.busybox.net/show_bug.cgi?id=15871 (bug for CVE-2023-42365)>
Notes
| Author | Note |
|---|---|
| eslerm | CVE-2023-42364 and CVE-2023-42365 share a patch, see both bugs upstream’s patch contains a regression alpine has a patch for the regression upstream introduced |
| mdeslaur | as of 2024-06-17, there is no fix from upstream for the regression, deferring for now |
References
lists.busybox.net/pipermail/busybox/2024-May/090762.html
gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch
launchpad.net/bugs/cve/CVE-2023-42364
nvd.nist.gov/vuln/detail/CVE-2023-42364
security-tracker.debian.org/tracker/CVE-2023-42364
www.cve.org/CVERecord?id=CVE-2023-42364
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
12.9%