CVE-2021-42375 — Improper Handling of Invalid Use of Special Elements in Busybox

CWE-159 — Improper Handling of Invalid Use of Special Elements CWE-20 — Improper Input Validation8 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 81.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Busybox Debian Busybox Fedoraproject Fedora

Timeline

PublishedNov 15

Latest updateJun 15

Description

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/busybox< busybox 1:1.35.0-1 (bookworm)

▶CVEListV5busybox/busyboxunspecified — 1.34.0

▶Debianbusybox/busybox< 1:1.35.0-1+2

▶NVDbusybox/busybox1.33.1

Also affects: Fedora 33, 34

🔴Vulnerability Details

GHSA

GHSA-h7xx-2pfg-qqhm: An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shel↗2022-05-24

▶

OSV

CVE-2021-42375: An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shel↗2021-11-15

▶

📋Vendor Advisories

CISA ICS

Siemens SIMATIC S7-1500 TM MFP BIOS↗2023-06-15

▶

CISA ICS

Siemens SCALANCE Third-Party↗2023-03-21

▶

CISA ICS

Siemens SCALANCE, RUGGEDCOM Third-Party↗2023-03-16

▶

Red Hat

busybox: incorrect handling of a special element in ash applet leads to denial of service when processing a crafted shell command↗2021-11-09

▶

Debian

CVE-2021-42375: busybox - An incorrect handling of a special element in Busybox's ash applet leads to deni...↗2021

▶