Information on source package busybox

Available versions

| Release | Version |
|---|---|
| jessie | 1:1.22.0-9+deb8u5 |
| stretch | 1:1.22.0-19+deb9u2 |
| buster | 1:1.30.1-4 |
| bullseye | 1:1.30.1-6 |
| bookworm | 1:1.35.0-4 |
| trixie | 1:1.37.0-4 |
| sid | 1:1.37.0-4 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-42366 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_ ... |
| CVE-2023-42365 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via ... |
| CVE-2023-42364 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to ... |
| CVE-2023-42363 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | A use-after-free vulnerability was discovered in xasprintf function in ... |
| CVE-2023-39810 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | An issue in the CPIO command of Busybox v1.33.2 allows attackers to ex ... |
| CVE-2022-48174 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | There is a stack overflow vulnerability in ash.c:6030 in busybox befor ... |
| CVE-2021-42386 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42385 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42384 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42383 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42382 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42381 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42380 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42379 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42378 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | A use-after-free in Busybox's awk applet leads to denial of service an ... |
| CVE-2021-42377 | fixed | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | An attacker-controlled pointer free in Busybox's hush applet leads to ... |
| CVE-2021-28831 | fixed | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit ... |
| CVE-2018-20679 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | An issue was discovered in BusyBox before 1.30.0. An out of bounds rea ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-30065 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | A use-after-free in Busybox 1.35-x's awk applet leads to denial of ser ... |
| CVE-2021-42376 | fixed | fixed | vulnerable | vulnerable | fixed | fixed | fixed | A NULL pointer dereference in Busybox's hush applet leads to denial of ... |
| CVE-2021-42375 | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | An incorrect handling of a special element in Busybox's ash applet lea ... |
| CVE-2021-42374 | fixed | fixed | vulnerable | vulnerable | fixed | fixed | fixed | An out-of-bounds heap read in Busybox's unlzma applet leads to informa ... |
| CVE-2021-42373 | vulnerable | vulnerable | vulnerable | vulnerable | fixed | fixed | fixed | A NULL pointer dereference in Busybox's man applet leads to denial of ... |
| CVE-2018-1000500 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Busybox contains a Missing SSL certificate validation vulnerability in ... |
| CVE-2016-6301 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | The recv_and_process_client_pkt function in networking/ntpd.c in busyb ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2022-28391 | BusyBox through 1.35.0 allows remote attackers to execute arbitrary co ... |
| CVE-2019-5747 | An issue was discovered in BusyBox through 1.30.0. An out of bounds re ... |
| CVE-2018-1000517 | BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c ... |
| CVE-2017-16544 | In the add_match function in libbb/lineedit.c in BusyBox through 1.27. ... |
| CVE-2017-15874 | archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integ ... |
| CVE-2017-15873 | The get_next_block function in archival/libarchive/decompress_bunzip2. ... |
| CVE-2016-2148 | Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox befo ... |
| CVE-2016-2147 | Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 ... |
| CVE-2015-9261 | huft_build in archival/libarchive/decompress_gunzip.c in BusyBox befor ... |
| CVE-2014-9645 | The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 ... |
| CVE-2014-4607 | Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and ... |
| CVE-2013-1813 | util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for p ... |
| CVE-2011-5325 | Directory traversal vulnerability in the BusyBox implementation of tar ... |
| CVE-2011-2716 | The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP s ... |
| CVE-2010-0001 | Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 ... |
| CVE-2006-5050 | Directory traversal vulnerability in httpd in Rob Landley BusyBox allo ... |
| CVE-2006-1058 | BusyBox 1.1.1 does not use a salt when generating passwords, which mak ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-2614-1 | busybox - security update |
| ELA-395-1 | busybox - security update |
| DLA-2559-1 | busybox - security update |
| ELA-20-2 | busybox - regression update |
| DLA-1445-3 | busybox - regression update |
| DLA-1445-2 | busybox - regression update |
| DLA-1445-1 | busybox - security update |
| ELA-20-1 | busybox - security update |
| DLA-337-1 | busybox - security update |
