QwikSec

Security Database

CVE

CWE

Training

CVE-2021-42377

Published: Nov 15, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.

Vendor	Product	Versions
busybox	busybox	affected `unspecified - < 1.34.0`

Weaknesses (CWE)

References

https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/

FEDORA-2021-5a95823596

vendor-advisory

FEDORA-2021-c52c0fe490

vendor-advisory

https://security.netapp.com/advisory/ntap-20211223-0002/

https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.