Veracode Vulnerability DatabaseVERACODE:32924Denial Of Service (DoS)
5.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:N/A:P
busybox is vulnerable to denial of service. An out-of-bounds heap read in unlzma leads to information leak and application crash when crafted LZMA-compressed input is decompressed.
References
jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
lists.fedoraproject.org/archives/list/[email protected]/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
lists.fedoraproject.org/archives/list/[email protected]/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
security.netapp.com/advisory/ntap-20211223-0002/
Related
5.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
3.3 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:N/A:P