CVE-2023-42363

CVE-2023-42363

Name

CVE-2023-42363

Description

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://bugs.busybox.net/show_bug.cgi?id=15865

Type

URI

Exploit

https://bugs.busybox.net/show_bug.cgi?id=15865

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:busybox:busybox:1.36.1:::::::*`	busybox	== 1.36.1	== 1.36.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:*

busybox

== 1.36.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
busybox	edge-main	1.36.1-r32	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	edge-main	1.36.1-r31	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	edge-main	1.36.1-r30	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	edge-main	1.36.1-r29	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	edge-main	1.36.1-r28	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	edge-main	1.36.1-r27	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	edge-main	1.36.1-r26	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.36.1-r25	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.36.1-r2	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.22-main	1.36.1-r30	None	fixed
busybox	3.22-main	1.36.1-r27	None	fixed
busybox	3.22-main	1.36.1-r25	None	possibly vulnerable
busybox	3.22-main	1.36.1-r2	None	possibly vulnerable
busybox	3.21-main	1.36.1-r30	None	fixed
busybox	3.21-main	1.36.1-r27	None	fixed
busybox	3.21-main	1.36.1-r25	None	possibly vulnerable
busybox	3.21-main	1.36.1-r2	None	possibly vulnerable
busybox	3.20-main	1.36.1-r31	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	3.20-main	1.36.1-r30	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	3.20-main	1.36.1-r29	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	3.20-main	1.36.1-r28	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	3.20-main	1.36.1-r27	None	fixed
busybox	3.20-main	1.36.1-r25	None	possibly vulnerable
busybox	3.20-main	1.36.1-r2	None	possibly vulnerable
busybox	3.19-main	1.36.1-r21	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	3.19-main	1.36.1-r20	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	3.19-main	1.36.1-r19	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	3.19-main	1.36.1-r18	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	3.19-main	1.36.1-r17	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	3.19-main	1.36.1-r16	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.19-main	1.36.1-r2	None	possibly vulnerable
busybox	3.18-main	1.36.1-r7	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	3.18-main	1.36.1-r6	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.17-main	1.35.0-r31	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed

Source package

Branch

Version

Maintainer

Status

busybox

edge-main

1.36.1-r32

Sören Tempel <soeren+alpine@soeren-tempel.net>

fixed

busybox

edge-main