CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
12.7%
A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a
crafted awk pattern in the awk.c copyvar function.
Author | Note |
---|---|
eslerm | CVE-2023-42364 and CVE-2023-42365 share a patch, see both bugs upstream’s patch contains a regression alpine has a patch for the regression upstream introduced |
lists.busybox.net/pipermail/busybox/2024-May/090762.html
gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch
launchpad.net/bugs/cve/CVE-2023-42365
nvd.nist.gov/vuln/detail/CVE-2023-42365
security-tracker.debian.org/tracker/CVE-2023-42365
www.cve.org/CVERecord?id=CVE-2023-42365
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
12.7%