VDB

GCVE-VVD-MAGEIA-2021-533

GCVE-VVD-MAGEIA-2021-533
Advisory Published
Vulnetix · Advisory published December 2, 2021
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. (CVE-2021-42376) An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. (CVE-2021-42377) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function. (CVE-2021-42378) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function. (CVE-2021-42379) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function. (CVE-2021-42380) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function. (CVE-2021-42381) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function. (CVE-2021-42382) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. (CVE-2021-42383) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function. (CVE-2021-42384) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. (CVE-2021-42385) A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function. (CVE-2021-42386)
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiabusybox0 (affected), 1.34.1-1.mga8 (unaffected)

Aliases

CVE-2021-42383CVE-2021-42380CVE-2021-42377CVE-2021-42382CVE-2021-42381

Transitive aliases

GHSA-6w3h-h7gw-72qfVVD-CISA-2021-42383CVE-2021-42375CVE-2021-42373GHSA-6f92-r9cq-v6cqBDU:2025-05992VVD-CISA-2021-42382GHSA-xhv3-6p64-vccwBDU:2021-06386EUVD-2021-29344GHSA-vf8c-vqhx-x48jEUVD-2021-29352EUVD-2021-29348BDU:2025-05993VVD-CISA-2021-42375BDU:2025-05995BDU:2021-06390VVD-CISA-2021-42381BDU:2025-05991EUVD-2021-29346GHSA-xpm2-jxrf-prmxGHSA-h7xx-2pfg-qqhmEUVD-2021-29345EUVD-2021-29351CVE-2021-42374GHSA-f96c-9cw7-3qmcBDU:2021-06388EUVD-2021-29354VVD-CISA-2021-42374VVD-GENTOO-2021-824222VVD-CISA-2021-42380BDU:2021-06395EUVD-2021-29353GHSA-phvg-gc27-gjwp

References

Updated busybox packages fix security vulnerability
advisory
Updated busybox packages fix security vulnerability
issue
Updated busybox packages fix security vulnerability
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›