CVE-2023-42363Use After Free in Busybox

CWE-416Use After Free8 documents7 sources
Severity
5.5MEDIUMNVD
OSV9.8
EPSS
0.0%
top 92.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
BusyboxDebian BusyboxMsrc Azl3 Busybox 1.36.1-12 ON Azure Linux 3.0+7 more
Timeline
PublishedNov 27
Latest updateAug 14

Description

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages12 packages

debiandebian/busybox< busybox 1:1.37.0-1 (forky)
Debianbusybox/busybox< 1:1.37.0-1+1
Ubuntubusybox/busybox< 1:1.30.1-4ubuntu6.5+2
NVDbusybox/busybox1.36.1

🔴Vulnerability Details

3
OSV
busybox vulnerabilities2024-08-14
GHSA
GHSA-wm78-9prw-c5h4: A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf2023-11-28
OSV
CVE-2023-42363: A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf2023-11-27

📋Vendor Advisories

4
Ubuntu
BusyBox vulnerabilities2024-08-14
Red Hat
busybox: use-after-free in awk2023-11-28
Microsoft
A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.2023-11-14
Debian
CVE-2023-42363: busybox - A use-after-free vulnerability was discovered in xasprintf function in xfuncs_pr...2023