Msrc Cm1 Busybox 1.34.1-1 On Cbl Mariner 1.0 vulnerabilities

10 known vulnerabilities affecting msrc/cm1_busybox_1.34.1-1_on_cbl_mariner_1.0.

Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH8MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2021-42386HIGHCVSS 7.22021-11-09
CVE-2021-42386 [HIGH] CWE-416 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of
msrc
CVE-2021-42379HIGHCVSS 7.22021-11-09
CVE-2021-42379 [HIGH] CWE-416 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulne
msrc
CVE-2021-42382HIGHCVSS 7.22021-11-09
CVE-2021-42382 [HIGH] CWE-416 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One
msrc
CVE-2021-42381HIGHCVSS 7.22021-11-09
CVE-2021-42381 [HIGH] CWE-416 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? On
msrc
CVE-2021-42384HIGHCVSS 7.22021-11-09
CVE-2021-42384 [HIGH] CWE-416 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnera
msrc
CVE-2021-42385HIGHCVSS 7.22021-11-09
CVE-2021-42385 [HIGH] CWE-416 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One
msrc
CVE-2021-42380HIGHCVSS 7.22021-11-09
CVE-2021-42380 [HIGH] CWE-416 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of t
msrc
CVE-2021-42378HIGHCVSS 7.22021-11-09
CVE-2021-42378 [HIGH] CWE-416 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One
msrc
CVE-2021-42374MEDIUMCVSS 5.32021-11-09
CVE-2021-42374 [MEDIUM] CWE-125 An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format tha An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that FAQ: Is Azure Linux the only Microsoft product that includes thi
msrc
CVE-2021-42376MEDIUMCVSS 5.52021-11-09
CVE-2021-42376 [MEDIUM] CWE-476 A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command due to missing validation after a \x03 delimiter character. This may be used for A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. FAQ: Is
msrc