Your submission was sent successfully! Close

CVE-2021-42376

Published: 15 November 2021

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.

Notes

AuthorNote
mdeslaur
hush is not build in Ubuntu packages.
Priority

Negligible

CVSS 3 base score: 5.5

Status

Package Release Status
busybox
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not compiled)
focal Not vulnerable
(code not compiled)
hirsute Not vulnerable
(code not compiled)
impish Not vulnerable
(code not compiled)
jammy Not vulnerable
(code not compiled)
trusty Not vulnerable
(code not compiled)
upstream
Released (1.34.0)
xenial Not vulnerable
(code not compiled)