DEBIAN-CVE-2021-42375

DEBIAN-CVE-2021-42375 PUBLISHED CVSS 5.5 MEDIUM

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian	busybox
Debian:14	busybox	0, 0, 0
Debian:13	busybox	0, 0, 0
Debian:11	busybox	1.35.0-2, 1.35.0-2, 1.35.0-3
Debian:12	busybox	0, 0, 0

Timeline

Nov 15, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-42375 advisory

Open in Interactive Console →