CVE-2022-48174

Опубликовано: 22 авг. 2023

Источник: redhat

CVSS3: 9.8

Описание

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

A vulnerability was found in the BusyBox package. This issue occurs via a stack overflow vulnerability in ash.c in BusyBox, which may allow arbitrary code execution.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-787

https://bugzilla.redhat.com/show_bug.cgi?id=2237153busybox: stack overflow vulnerability in ash.c leads to arbitrary code execution

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2022-48174

CVSS3: 9.8

ubuntu

почти 2 года назад

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

CVE-2022-48174

CVSS3: 9.8

nvd

почти 2 года назад

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

CVE-2022-48174

CVSS3: 9.8

msrc

4 месяца назад

Описание отсутствует

CVE-2022-48174

CVSS3: 9.8

debian

почти 2 года назад

There is a stack overflow vulnerability in ash.c:6030 in busybox befor ...

SUSE-SU-2023:3820-1

suse-cvrf

больше 1 года назад

Security update for busybox

9.8 Critical

CVSS3