
Mageia: 2021-0533 Moderate: Busybox DoS and Code Execution Risks

December 2, 2021
Updated busybox packages have been issued to address security vulnerabilities that could lead to denial of service and possible execution of malicious code.

Summary

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. (CVE-2021-42376)
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. (CVE-2021-42377)
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function. (CVE-2021-42378)
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function. (CVE-2021-42379)
A use-after-free in Busybox's awk applet leads to...

References

- https://bugs.mageia.org/show_bug.cgi?id=29697

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/

- https://www.cve.org/CVERecord?id=CVE-2021-42376

- https://www.cve.org/CVERecord?id=CVE-2021-42377

- https://www.cve.org/CVERecord?id=CVE-2021-42378

- https://www.cve.org/CVERecord?id=CVE-2021-42379

- https://www.cve.org/CVERecord?id=CVE-2021-42380

- https://www.cve.org/CVERecord?id=CVE-2021-42381

- https://www.cve.org/CVERecord?id=CVE-2021-42382

- https://www.cve.org/CVERecord?id=CVE-2021-42383

- https://www.cve.org/CVERecord?id=CVE-2021-42384

- https://www.cve.org/CVERecord?id=CVE-2021-42385

- https://www.cve.org/CVERecord?id=CVE-2021-42386

Resolution

SRPMS

- 8/core/busybox-1.34.1-1.mga8

Publication date: 02 Dec 2021
URL: https://advisories.mageia.org/MGASA-2021-0533.html
Type: security
CVE: CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386
