Your submission was sent successfully! Close

CVE-2022-30065

Published: 18 May 2022

A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.

Notes

AuthorNote
sbeattie
unfixed as of 2022.05.19
Priority

Low

CVSS 3 base score: 7.8

Status

Package Release Status
busybox
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal Not vulnerable
(code not present)
impish Not vulnerable
(code not present)
jammy Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Not vulnerable
(code not present)
xenial Not vulnerable
(code not present)
Patches:
upstream: https://git.busybox.net/busybox/commit/?id=e63d7cdfdac78c6fd27e9e63150335767592b85e