CVE-2023-42366 — Out-of-bounds Write in Busybox

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 93.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 27

Latest updateNov 28

Description

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

▶debiandebian/busybox< busybox 1:1.37.0-8 (forky)

▶Debianbusybox/busybox< 1:1.37.0-8

GHSA

GHSA-2vjj-r39q-gvxr: A heap-buffer-overflow was discovered in BusyBox v↗2023-11-28

▶

OSV

CVE-2023-42366: A heap-buffer-overflow was discovered in BusyBox v↗2023-11-27

▶

Red Hat

busybox: A heap-buffer-overflow↗2023-11-28

▶

Microsoft

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.↗2023-11-14

▶

Debian

CVE-2023-42366: busybox - A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token func...↗2023

▶