CVE-2021-42382Use After Free in Busybox

CWE-416Use After Free12 documents8 sources
Severity
7.2HIGHNVD
OSV7.5
EPSS
0.3%
top 44.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
BusyboxDebian BusyboxFedoraproject Fedora+2 more
Timeline
PublishedNov 15
Latest updateJun 15

Description

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages7 packages

debiandebian/busybox< busybox 1:1.35.0-1 (bookworm)
CVEListV5busybox/busyboxunspecified1.34.0
Debianbusybox/busybox< 1:1.30.1-6+deb11u1+3
Ubuntubusybox/busybox< 1:1.27.2-2ubuntu3.4+1
NVDbusybox/busybox1.26.01.33.1

Also affects: Fedora 33, 34

🔴Vulnerability Details

3
GHSA
GHSA-xpm2-jxrf-prmx: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s2022-05-24
OSV
busybox vulnerabilities2021-12-07
OSV
CVE-2021-42382: A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s2021-11-15

📋Vendor Advisories

8
CISA ICS
Siemens SIMATIC S7-1500 TM MFP BIOS2023-06-15
CISA ICS
​Siemens SINAMICS Medium Voltage Products2023-06-15
CISA ICS
Siemens SCALANCE Third-Party2023-03-21
CISA ICS
Siemens SCALANCE, RUGGEDCOM Third-Party2023-03-16
Ubuntu
BusyBox vulnerabilities2021-12-07