CVE-2021-42373 — NULL Pointer Dereference in Busybox

CWE-476 — NULL Pointer Dereference9 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 75.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Busybox Debian Busybox Fedoraproject Fedora

Timeline

PublishedNov 15

Latest updateNov 27

Description

A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/busybox< busybox 1:1.35.0-1 (bookworm)

▶CVEListV5busybox/busyboxunspecified — 1.34.0

▶Debianbusybox/busybox< 1:1.35.0-1+2

▶NVDbusybox/busybox1.33.0, 1.33.1+1

Also affects: Fedora 33, 34

🔴Vulnerability Details

GHSA

GHSA-6w3h-h7gw-72qf: A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given↗2022-05-24

▶

OSV

CVE-2021-42373: A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given↗2021-11-15

▶

📋Vendor Advisories

CISA ICS

Siemens SIMATIC S7-1500 TM MFP BIOS↗2023-06-15

▶

CISA ICS

Siemens SCALANCE Third-Party↗2023-03-21

▶

CISA ICS

Siemens SCALANCE, RUGGEDCOM Third-Party↗2023-03-16

▶

Red Hat

busybox: NULL pointer dereference in man applet leads to denial of service when a section name is supplied but no page argument is given↗2021-11-09

▶

Debian

CVE-2021-42373: busybox - A NULL pointer dereference in Busybox's man applet leads to denial of service wh...↗2021

▶

📄Research Papers

arXiv

UniBOM -- A Unified SBOM Analysis and Visualisation Tool for IoT Systems and Beyond↗2025-11-27

▶