CVE-2023-42366

Name
CVE-2023-42366
Description
A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://bugs.busybox.net/show_bug.cgi?id=15874
af854a3a-2127-422b-91ae-364da2661108 https://security.netapp.com/advisory/ntap-20241206-0007/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:busybox:busybox:1.36.1:*:*:*:*:*:*:* busybox == None == 1.36.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
busybox edge-main 1.36.1-r32 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox edge-main 1.36.1-r31 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox edge-main 1.36.1-r30 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox edge-main 1.36.1-r29 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox edge-main 1.36.1-r28 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox edge-main 1.36.1-r27 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox edge-main 1.36.1-r26 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox edge-main 1.36.1-r25 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox edge-main 1.36.1-r2 Sören Tempel <soeren+alpine@soeren-tempel.net> possibly vulnerable
busybox 3.22-main 1.36.1-r30 None fixed
busybox 3.22-main 1.36.1-r27 None fixed
busybox 3.22-main 1.36.1-r25 None fixed
busybox 3.22-main 1.36.1-r2 None possibly vulnerable
busybox 3.21-main 1.36.1-r30 None fixed
busybox 3.21-main 1.36.1-r27 None fixed
busybox 3.21-main 1.36.1-r25 None fixed
busybox 3.21-main 1.36.1-r2 None possibly vulnerable
busybox 3.20-main 1.36.1-r31 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox 3.20-main 1.36.1-r30 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox 3.20-main 1.36.1-r29 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox 3.20-main 1.36.1-r28 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox 3.20-main 1.36.1-r27 None fixed
busybox 3.20-main 1.36.1-r25 None fixed
busybox 3.20-main 1.36.1-r2 None possibly vulnerable
busybox 3.19-main 1.36.1-r21 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox 3.19-main 1.36.1-r20 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox 3.19-main 1.36.1-r19 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox 3.19-main 1.36.1-r18 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox 3.19-main 1.36.1-r17 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox 3.19-main 1.36.1-r16 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox 3.19-main 1.36.1-r2 None possibly vulnerable
busybox 3.18-main 1.36.1-r7 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox 3.18-main 1.36.1-r6 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed
busybox 3.17-main 1.35.0-r30 Sören Tempel <soeren+alpine@soeren-tempel.net> fixed