| Bug | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2023-42366 | vulnerable (no DSA) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_ ... |
| CVE-2023-42365 | vulnerable (no DSA) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via ... |
| CVE-2023-42364 | vulnerable (no DSA) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to ... |
| CVE-2023-42363 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | A use-after-free vulnerability was discovered in xasprintf function in ... |
| CVE-2023-39810 | vulnerable (no DSA) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | An issue in the CPIO command of Busybox v1.33.2 allows attackers to ex ... |
| CVE-2022-48174 | vulnerable (no DSA) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | There is a stack overflow vulnerability in ash.c:6030 in busybox befor ... |
| CVE-2021-42386 | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42385 | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42384 | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42383 | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42382 | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42381 | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42380 | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42379 | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42378 | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42377 | vulnerable (no DSA) | fixed | fixed | fixed | An attacker-controlled pointer free in Busybox's hush applet leads to ... |
| CVE-2021-28831 | vulnerable (no DSA) | fixed | fixed | fixed | decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit ... |
| Bug | Description |
|---|
| CVE-2022-28391 | BusyBox through 1.35.0 allows remote attackers to execute arbitrary co ... |
| CVE-2019-5747 | An issue was discovered in BusyBox through 1.30.0. An out of bounds re ... |
| CVE-2018-1000517 | BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c ... |
| CVE-2018-20679 | An issue was discovered in BusyBox before 1.30.0. An out of bounds rea ... |
| CVE-2017-16544 | In the add_match function in libbb/lineedit.c in BusyBox through 1.27. ... |
| CVE-2017-15874 | archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integ ... |
| CVE-2017-15873 | The get_next_block function in archival/libarchive/decompress_bunzip2. ... |
| CVE-2016-6301 | The recv_and_process_client_pkt function in networking/ntpd.c in busyb ... |
| CVE-2016-2148 | Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox befo ... |
| CVE-2016-2147 | Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 ... |
| CVE-2015-9261 | huft_build in archival/libarchive/decompress_gunzip.c in BusyBox befor ... |
| CVE-2014-9645 | The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 ... |
| CVE-2014-4607 | Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and ... |
| CVE-2013-1813 | util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for p ... |
| CVE-2011-5325 | Directory traversal vulnerability in the BusyBox implementation of tar ... |
| CVE-2011-2716 | The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP s ... |
| CVE-2010-0001 | Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 ... |
| CVE-2006-5050 | Directory traversal vulnerability in httpd in Rob Landley BusyBox allo ... |
| CVE-2006-1058 | BusyBox 1.1.1 does not use a salt when generating passwords, which mak ... |