CVE-2021-42375

Name
CVE-2021-42375
Description
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
N/A https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:busybox:busybox:1.33.1:*:*:*:*:*:*:* busybox == None == 1.33.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
busybox 3.13-main 1.32.1-r7 Natanael Copa <ncopa@alpinelinux.org> fixed
busybox 3.12-main 1.31.1-r21 Natanael Copa <ncopa@alpinelinux.org> fixed
busybox 3.11-main 1.31.1-r11 Natanael Copa <ncopa@alpinelinux.org> fixed
busybox 3.14-main 1.33.1-r6 Natanael Copa <ncopa@alpinelinux.org> fixed