CVE-2022-48174

Опубликовано: 22 авг. 2023

Источник: redhat

CVSS3: 9.8

EPSS Низкий

Описание

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

A vulnerability was found in the BusyBox package. This issue occurs via a stack overflow vulnerability in ash.c in BusyBox, which may allow arbitrary code execution.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-787

https://bugzilla.redhat.com/show_bug.cgi?id=2237153busybox: stack overflow vulnerability in ash.c leads to arbitrary code execution

EPSS

Процентиль: 63%

0.00463

Низкий

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2022-48174

CVSS3: 9.8

ubuntu

около 2 лет назад

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

CVE-2022-48174

CVSS3: 9.8

nvd

около 2 лет назад

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

CVE-2022-48174

CVSS3: 9.8

msrc

около 2 месяцев назад

Описание отсутствует

CVE-2022-48174

CVSS3: 9.8

debian

около 2 лет назад

There is a stack overflow vulnerability in ash.c:6030 in busybox befor ...

SUSE-SU-2023:3820-1

suse-cvrf

почти 2 года назад

Security update for busybox

EPSS

Процентиль: 63%

0.00463

Низкий

9.8 Critical

CVSS3