Описание
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 1:1.27.2-2ubuntu3.3 |
| devel | not-affected | 1:1.30.1-6ubuntu3 |
| esm-infra-legacy/trusty | not-affected | |
| esm-infra/bionic | not-affected | 1:1.27.2-2ubuntu3.3 |
| esm-infra/focal | not-affected | 1:1.30.1-4ubuntu6.3 |
| esm-infra/xenial | not-affected | |
| focal | not-affected | 1:1.30.1-4ubuntu6.3 |
| hirsute | not-affected | 1:1.30.1-6ubuntu2 |
| impish | not-affected | 1:1.30.1-6ubuntu3 |
| jammy | not-affected | 1:1.30.1-6ubuntu3 |
Показывать по
EPSS
6.8 Medium
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
An attacker-controlled pointer free in Busybox's hush applet leads to ...
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
Уязвимость набора утилит командной строки BusyBox, связанная с освобождением неверного указателя, позволяющая нарушителю выполнить произвольный код
EPSS
6.8 Medium
CVSS2
9.8 Critical
CVSS3