CVE-2021-42375

CVE-2021-42375

Name

CVE-2021-42375

Description

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
N/A	https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
CONFIRM	https://security.netapp.com/advisory/ntap-20211223-0002/
reefs@jfrog.com	https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog
reefs@jfrog.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
reefs@jfrog.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/

Type

URI

N/A

https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/

CONFIRM

https://security.netapp.com/advisory/ntap-20211223-0002/

reefs@jfrog.com

https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog

reefs@jfrog.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/

reefs@jfrog.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:busybox:busybox:1.33.1:::::::*`	busybox	== None	== 1.33.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:busybox:busybox:1.33.1:*:*:*:*:*:*:*

busybox

== None

== 1.33.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
busybox	edge-main	1.34.0_r0	None	fixed
busybox	edge-main	1.34.0-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
busybox	3.22-main	1.34.0-r0	None	fixed
busybox	3.21-main	1.34.0-r0	None	fixed
busybox	3.20-main	1.34.0-r0	None	fixed
busybox	3.19-main	1.34.0-r0	None	fixed
busybox	3.18-main	1.34.0-r0	None	fixed
busybox	3.17-main	1.34.0-r0	None	fixed
busybox	3.12-main	1.31.1-r21	Natanael Copa <ncopa@alpinelinux.org>	fixed
busybox	3.11-main	1.31.1-r11	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

busybox

edge-main

1.34.0_r0

None

fixed

busybox

edge-main