cbcvebase.
CVE-2022-48174
published 2023-08-22

CVE-2022-48174: There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed…

PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.98%
85.6th percentile
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

Affected

15 ranges
VendorProductVersion rangeFixed in
busyboxbusybox<= 1.36.1
busyboxbusybox>= 0 < 1:1.30.1-6+deb11u11:1.30.1-6+deb11u1
busyboxbusybox>= 0 < 1:1.37.0-11:1.37.0-1
busyboxbusybox>= 0 < 1:1.37.0-11:1.37.0-1
busyboxbusybox>= 0 < 1:1.30.1-4ubuntu6.51:1.30.1-4ubuntu6.5
busyboxbusybox>= 0 < 1:1.30.1-7ubuntu3.11:1.30.1-7ubuntu3.1
busyboxbusybox>= 0 < 1:1.36.1-6ubuntu3.11:1.36.1-6ubuntu3.1
busyboxbusybox>= 0 < 1:1.21.0-1ubuntu1.4+esm11:1.21.0-1ubuntu1.4+esm1
busyboxbusybox>= 0 < 1:1.22.0-15ubuntu1.4+esm21:1.22.0-15ubuntu1.4+esm2
busyboxbusybox>= 0 < 1:1.27.2-2ubuntu3.4+esm11:1.27.2-2ubuntu3.4+esm1
debianbusybox< busybox 1:1.30.1-6+deb11u1 (bullseye)busybox 1:1.30.1-6+deb11u1 (bullseye)
debiandebian_linux
msrcazl3_busybox_1.36.1-13_on_azure_linux_3.0
msrccbl2_busybox_1.35.0-13_on_cbl_mariner_2.0
msrccbl2_busybox_1.35.0-14_on_cbl_mariner_2.0

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability is located specifically at ash.c:6030 in BusyBox before 1.35; monitor for stack overflow conditions triggered via crafted input to the ash shell component
  • Attack vector is triggered by processing a specially crafted file through BusyBox arithmetic operations; inspect file-processing pipelines involving BusyBox ash for anomalous input
  • Exploitation can lead to arbitrary code execution from command context; monitor BusyBox ash shell processes for unexpected child process spawning or privilege escalation
  • Remotely exploitable over HTTP (CVSS 9.8); monitor network-facing BusyBox deployments (e.g., IoT/IoV devices) for unexpected inbound HTTP requests triggering shell execution
  • ·Only BusyBox versions before 1.35 are vulnerable; verify installed BusyBox version on all IoT/IoV and embedded Linux devices
  • ·No mitigation is currently available from Red Hat that meets their deployment/stability criteria; patching to a fixed version is the primary remediation path
  • ·Microsoft Azure Linux (CBL-Mariner) is confirmed affected; other Microsoft products may also be impacted but have not yet been identified

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_msrc9.8CRITICAL
vendor_oracle9.8CRITICAL
vendor_redhat9.8CRITICAL
vendor_ubuntu9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.