CVE-2021-42379

Опубликовано: 09 нояб. 2021

Источник: redhat

CVSS3: 6.6

EPSS Низкий

Описание

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function

A flaw was found in BusyBox, where it did not properly sanitize while processing a crafted awk pattern in the next_input_file function, leading to possible code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	busybox	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=2023904busybox: use-after-free in awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file()

EPSS

Процентиль: 36%

0.00145

Низкий

6.6 Medium

CVSS3

Связанные уязвимости

CVE-2021-42379

CVSS3: 7.2

ubuntu

больше 3 лет назад

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function

CVE-2021-42379

CVSS3: 7.2

nvd

больше 3 лет назад

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function

CVE-2021-42379

CVSS3: 7.2

msrc

больше 3 лет назад

Описание отсутствует

CVE-2021-42379

CVSS3: 7.2

debian

больше 3 лет назад

A use-after-free in Busybox's awk applet leads to denial of service an ...

GHSA-qg2h-cx9q-v8wg

CVSS3: 7.2

github

около 3 лет назад

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function

EPSS

Процентиль: 36%

0.00145

Низкий

6.6 Medium

CVSS3