Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: BusyBox Moderate Use-After-Free Vulnerability 2025:03271-1

suse
Calendar Grey September 18, 2025
Dist Suse Esm H88
SUSE published an important security alert for busybox, concerning critical use-after-free flaws. Users are advised to perform an upgrade immediately.
* bsc#1203397 * bsc#1203399 * bsc#1206798 * bsc#1215943 * bsc#1217580

Summary

## This update for busybox, busybox-links fixes the following issues: Updated to version 1.37.0 (jsc#PED-13039): * CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in xfuncs_printf.c (bsc#1217580) * CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function (bsc#1217584) * CVE-2023-42365: Fixed use-after-free in the awk.c copyvar function (bsc#1217585) Other fixes: * fix generation of file lists via Dockerfile * add copy of busybox.links from the container to catch changes to busybox config * Blacklist creating links for halt, reboot, shutdown commands to avoid accidental use in a fully booted system (bsc#1243201) * Add getfattr applet to attr filelist * busybox-udhcpc conflicts with udhcp. * Add new sub-package for udhcpc

Topics%20covered

Topics Covered

security advisory moderate SuSE system integrity busybox use-after-free

References

* bsc#1203397

* bsc#1203399

* bsc#1206798

* bsc#1215943

* bsc#1217580

* bsc#1217584

* bsc#1217585

* bsc#1217883

* bsc#1239176

* bsc#1243201

* jsc#PED-13039

* jsc#SLE-24210

* jsc#SLE-24211

Cross-

* CVE-2023-42363

* CVE-2023-42364

* CVE-2023-42365

CVSS scores:

* CVE-2023-42363 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2023-42363 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2023-42364 ( SUSE ): 5.1

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2023-42364 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2023-42364 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2023-42364 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Announcement ID: SUSE-SU-2025:03271-1
Release Date: 2025-09-18T13:34:17Z
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate SuSE system integrity busybox use-after-free

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here