mkinitcpio-busybox

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Base initramfs tools
Version 1.36.1-1 [core]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2562 1.33.1-1 1.34.1-1 Medium Fixed
AVG-1708 1.32.1-2 1.32.1-3 Low Fixed FS#70075
AVG-514 1.27.2-1 1.28.1-1 High Fixed FS#56391
Issue Group Severity Remote Type Description
CVE-2021-42386 AVG-2562 Medium No Arbitrary code execution
A use-after-free in Busybox's awk applet before version 1.34.0 leads to denial of service and possibly code execution when processing a crafted awk pattern...
CVE-2021-42385 AVG-2562 Medium No Arbitrary code execution
A use-after-free in Busybox's awk applet before version 1.34.0 leads to denial of service and possibly code execution when processing a crafted awk pattern...
CVE-2021-42384 AVG-2562 Medium No Arbitrary code execution
A use-after-free in Busybox's awk applet before version 1.34.0 leads to denial of service and possibly code execution when processing a crafted awk pattern...
CVE-2021-42383 AVG-2562 Medium No Arbitrary code execution
A use-after-free in Busybox's awk applet before version 1.34.0 leads to denial of service and possibly code execution when processing a crafted awk pattern...
CVE-2021-42382 AVG-2562 Medium No Arbitrary code execution
A use-after-free in Busybox's awk applet before version 1.34.0 leads to denial of service and possibly code execution when processing a crafted awk pattern...
CVE-2021-42381 AVG-2562 Medium No Arbitrary code execution
A use-after-free in Busybox's awk applet before version 1.34.0 leads to denial of service and possibly code execution when processing a crafted awk pattern...
CVE-2021-42380 AVG-2562 Medium No Arbitrary code execution
A use-after-free in Busybox's awk applet before version 1.34.0 leads to denial of service and possibly code execution when processing a crafted awk pattern...
CVE-2021-42379 AVG-2562 Medium No Arbitrary code execution
A use-after-free in Busybox's awk applet before version 1.34.0 leads to denial of service and possibly code execution when processing a crafted awk pattern...
CVE-2021-42378 AVG-2562 Medium No Arbitrary code execution
A use-after-free in Busybox's awk applet before version 1.34.0 leads to denial of service and possibly code execution when processing a crafted awk pattern...
CVE-2021-42377 AVG-2562 Medium Yes Arbitrary code execution
An attacker-controlled pointer free in Busybox's hush applet before version 1.34.0 leads to denial of service and possible code execution when processing a...
CVE-2021-42376 AVG-2562 Medium Yes Denial of service
A NULL pointer dereference in Busybox's hush applet before version 1.34.0 leads to denial of service when processing a crafted shell command, due to missing...
CVE-2021-42375 AVG-2562 Medium Yes Denial of service
An incorrect handling of a special element in Busybox's ash applet before version 1.34.0 leads to denial of service when processing a crafted shell command,...
CVE-2021-42374 AVG-2562 Medium Yes Information disclosure
An out-of-bounds heap read in Busybox's unlzma applet before version 1.34.0 leads to information leak and denial of service when crafted LZMA-compressed...
CVE-2021-42373 AVG-2562 Medium No Denial of service
A NULL pointer dereference in Busybox's man applet before version 1.34.0 leads to denial of service when a section name is supplied but no page argument is given.
CVE-2021-28831 AVG-1708 Low No Denial of service
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation...
CVE-2017-16544 AVG-514 High No Arbitrary code execution
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a...

Advisories

Date Advisory Group Severity Type
25 Mar 2021 ASA-202103-11 AVG-1708 Low denial of service
01 Mar 2018 ASA-201803-2 AVG-514 High arbitrary code execution