CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
12.7%
A use-after-free vulnerability was discovered in xasprintf function in
xfuncs_printf.c:344 in BusyBox v.1.36.1.
Author | Note |
---|---|
mdeslaur | as of 2024-07-18, there is no fix from upstream for this issue, only a fix proposed on the mailing list |
iconstantin | proposed fix has been merged, bug not yet updated as of 2024-07-24 |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
12.7%