VDB
ALPINE-CVE-2021-42375
ALPINE-CVE-2021-42375
PUBLISHED
CVSS 5.5 MEDIUM
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
Risk Scores
CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.17 | busybox | 0, 1.12.1-r1, 1.12.1-r5 |
| Alpine:v3.19 | busybox | 1.28.2-r1, 1.24.1-r3, 1.24.1-r2 |
| Alpine:v3.22 | busybox | 1.23.2-r5, 1.33.1-r5, 1.33.1-r4 |
| Alpine:v3.14 | busybox | 1.13.0-r0, 1.33.1-r4, 1.33.1-r3 |
| Alpine:v3.21 | busybox | 1.25.1-r0, 1.24.2-r6, 1.24.2-r5 |
| Alpine:v3.11 | busybox | 0, 0, 0 |
| Alpine:v3.13 | busybox | 1.21.1-r1, 1.21.1-r2, 1.21.1-r3 |
| Alpine:v3.23 | busybox | 1.31.1-r19, 1.25.0-r3, 1.13.0-r0 |
| Alpine:v3.15 | busybox | 1.23.2-r0, 1.22.1-r3, 1.22.1-r2 |
| Alpine:v3.20 | busybox | 1.22.1-r4, 1.22.1-r7, 1.22.1-r8 |
| Alpine:v3.12 | busybox | 0, 0, 0 |
| Alpine:v3.18 | busybox | 1.24.1-r3, 1.24.1-r4, 1.24.1-r5 |
| Alpine:v3.16 | busybox | 0, 1.22.1-r3, 1.22.1-r4 |
Timeline
- Nov 15, 2021 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch