CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
61.7%
There is a stack overflow vulnerability in ash.c:6030 in busybox before
1.35. In the environment of Internet of Vehicles, this vulnerability can be
executed from command to arbitrary code execution.
Author | Note |
---|---|
Priority reason: Denial of service only in shell | |
mdeslaur | this is likely a denial of service only on Ubuntu because of stack protector Contrary to description, this is not fixed in 1.35 |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | busybox | < 1:1.27.2-2ubuntu3.4+esm1 | UNKNOWN |
ubuntu | 20.04 | noarch | busybox | < any | UNKNOWN |
ubuntu | 22.04 | noarch | busybox | < any | UNKNOWN |
ubuntu | 24.04 | noarch | busybox | < any | UNKNOWN |
ubuntu | 14.04 | noarch | busybox | < 1:1.21.0-1ubuntu1.4+esm1 | UNKNOWN |
ubuntu | 16.04 | noarch | busybox | < 1:1.22.0-15ubuntu1.4+esm2 | UNKNOWN |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
61.7%