Analyzed
about 2 hours
ago.
based on code collected
about 2 hours
ago.
Major Versions
click and drag to zoom
Security Vulnerabilities for Version:
Severities:
Type
|
Identifier
|
Related Record |
Severity
|
Date Published
|
Description | Versions Affected |
|---|---|---|---|---|---|
| CVE-2025-46394 | BDSA-2025-3524 | Low | Apr 23, 2025 | In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. |
1.36.1, 1.33.2, 1.34.1, 1.34.0, 1.32.0, 1.30.0, 1.10.2, 1.10.0, 1.9.0, 1.4.0
|
| CVE-2023-42366 | BDSA-2023-3284 | Medium | Nov 27, 2023 | A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. |
1.36.1
|
| CVE-2023-42365 | BDSA-2023-3283 | Medium | Nov 27, 2023 | A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. |
1.36.1
|
| CVE-2023-42364 | BDSA-2023-3282 | Medium | Nov 27, 2023 | A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate functi more... |
1.36.1
|
| CVE-2023-42363 | BDSA-2023-3278 | Medium | Nov 27, 2023 | A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. |
1.36.1
|
| CVE-2022-48174 | BDSA-2022-4244 | Critical | Aug 22, 2023 | There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be exe more... |
1.36.1, 1.33.2, 1.34.1, 1.34.0, 1.32.0, 1.30.0, 1.10.2, 1.10.0, 1.9.0, 1.4.0
|
| BDSA-2025-3520 | Low | Apr 24, 2025 | Denial-of-service (DoS) conditions can be induced in BusyBox when certain crafted applications are found through use of the netstat command. A local at more... | ||
| BDSA-2023-2258 | Medium | Aug 29, 2023 | The BusyBox `cpio` tool is vulnerable to a path traversal issue due to a lack of sufficient validation of file names within `cpio` archives. This flaw more... | ||
| BDSA-2022-0883 | Medium | Apr 04, 2022 | BusyBox is vulnerable to arbitrary code execution due to insufficient validation of escape sequences. A remote attacker could exploit this by supplying more... |
