CVE-2023-42364

CVE-2023-42364

Name

CVE-2023-42364

Description

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://bugs.busybox.net/show_bug.cgi?id=15868
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html

Type

URI

Exploit

https://bugs.busybox.net/show_bug.cgi?id=15868

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html

CPE URI	Source package	Min version	Max version
	n/a	== n/a	== n/a

CPE URI

Source package

Min version

Max version

n/a

== n/a

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
busybox	edge-main	1.36.1-r32	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	edge-main	1.36.1-r31	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	edge-main	1.36.1-r30	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	edge-main	1.36.1-r29	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.36.1-r28	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.36.1-r27	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.36.1-r26	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	edge-main	1.36.1-r25	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.22-main	1.36.1-r30	None	fixed
busybox	3.21-main	1.36.1-r30	None	fixed
busybox	3.20-main	1.36.1-r30	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	3.20-main	1.36.1-r29	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	3.20-main	1.36.1-r28	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.19-main	1.36.1-r20	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	3.19-main	1.36.1-r19	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	3.19-main	1.36.1-r18	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.19-main	1.36.1-r17	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.19-main	1.36.1-r16	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.18-main	1.36.1-r7	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed
busybox	3.18-main	1.36.1-r6	Sören Tempel <soeren+alpine@soeren-tempel.net>	possibly vulnerable
busybox	3.17-main	1.35.0-r31	Sören Tempel <soeren+alpine@soeren-tempel.net>	fixed

Source package

Branch

Version

Maintainer

Status

busybox

edge-main

1.36.1-r32

Sören Tempel <soeren+alpine@soeren-tempel.net>

fixed

busybox

edge-main