MGASA-2021-0533
- Source
- https://advisories.mageia.org/MGASA-2021-0533.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0533.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2021-0533
- Related
- Published
- 2021-12-02T16:49:28Z
- Modified
- 2021-12-02T16:15:51Z
- Summary
- Updated busybox packages fix security vulnerability
- Details
-
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. (CVE-2021-42376)
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. (CVE-2021-42377)
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function. (CVE-2021-42378)
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nextinputfile function. (CVE-2021-42379)
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function. (CVE-2021-42380)
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function. (CVE-2021-42381)
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function. (CVE-2021-42382)
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. (CVE-2021-42383)
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function. (CVE-2021-42384)
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. (CVE-2021-42385)
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function. (CVE-2021-42386)
- References
- Credits
-
-
- Mageia - COORDINATOR
-