Your submission was sent successfully! Close

CVE-2021-42375

Published: 15 November 2021

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.

Notes

AuthorNote
mdeslaur
1.33.1 only
Priority

Negligible

CVSS 3 base score: 5.5

Status

Package Release Status
busybox
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(1:1.27.2-2ubuntu3.3)
focal Not vulnerable
(1:1.30.1-4ubuntu6.3)
hirsute Not vulnerable
(1:1.30.1-6ubuntu2)
impish Not vulnerable
(1:1.30.1-6ubuntu3)
jammy Not vulnerable
(1:1.30.1-6ubuntu3)
trusty Not vulnerable

upstream
Released (1.34.0)
xenial Not vulnerable