pkg:Debian/busybox

50 total CVEsCRITICAL4HIGH26MEDIUM15LOW2

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2022-48174There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35.
    from 0, < 1:1.30.1-6+deb11u1
  • CRITICAL9.8CVE-2021-42377An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a craft…
    from 0
  • CRITICAL9.8CVE-2018-1000517BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in B…
    from 0, < 1:1.27.2-3
  • CRITICAL9.8CVE-2016-2148Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vect…
    from 0, < 1:1.27.2-1
  • HIGH8.8CVE-2014-4607lzo2 - security update
    from 0, < 1:1.22.0-10
  • HIGH8.8CVE-2017-16544In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of f…
    from 0, < 1:1.27.2-2
  • HIGH8.1CVE-2018-1000500Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code executio…
    from 0
  • HIGH7.8CVE-2023-39810An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.
    from 0
  • HIGH7.8CVE-2022-30065A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk patter…
    from 0
  • HIGH7.5CVE-2021-28831busybox - security update
    from 0, < 1:1.30.1-6+deb11u1
  • HIGH7.5CVE-2021-28831busybox - security update
    from 0, < 1:1.22.0-19+deb9u2
  • HIGH7.5CVE-2021-28831busybox - security update
    from 0, < 1:1.30.1-6+deb11u1
  • HIGH7.5CVE-2019-5747An issue was discovered in BusyBox through 1.30.0.
    from 0, < 1:1.30.1-2
  • HIGH7.5CVE-2018-20679An issue was discovered in BusyBox before 1.30.0.
    from 0, < 1:1.30.1-1
  • HIGH7.5CVE-2011-5325busybox - security update
    from 0, < 1:1.22.0-19+deb9u1
  • HIGH7.5CVE-2011-5325busybox - security update
    from 0, < 1:1.27.2-1
  • HIGH7.5CVE-2011-5325busybox - security update
    from 0, < 1:1.22.0-9+deb8u2
  • HIGH7.5CVE-2016-2147Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a ma…
    from 0, < 1:1.27.2-1
  • HIGH7.5CVE-2016-6301The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and band…
    from 0, < 1:1.27.2-1
  • HIGH7.2CVE-2021-42386A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
    from 0, < 1:1.30.1-6+deb11u1
  • HIGH7.2CVE-2021-42385A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
    from 0, < 1:1.30.1-6+deb11u1
  • HIGH7.2CVE-2021-42384A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
    from 0, < 1:1.30.1-6+deb11u1
  • HIGH7.2CVE-2021-42383A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
    from 0
  • HIGH7.2CVE-2021-42382A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
    from 0, < 1:1.30.1-6+deb11u1
  • HIGH7.2CVE-2021-42381A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
    from 0, < 1:1.30.1-6+deb11u1
  • HIGH7.2CVE-2021-42380A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
    from 0, < 1:1.30.1-6+deb11u1
  • HIGH7.2CVE-2021-42379A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
    from 0, < 1:1.30.1-6+deb11u1
  • HIGH7.2CVE-2021-42378A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in th…
    from 0, < 1:1.30.1-6+deb11u1
  • HIGH7.0CVE-2026-26158A flaw was found in BusyBox.
    from 0
  • HIGH7.0CVE-2026-26157A flaw was found in BusyBox.
    from 0
  • MEDIUM6.5CVE-2025-60876BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the r…
    from 0
  • MEDIUM5.5CVE-2023-42366A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.
    from 0
  • MEDIUM5.5CVE-2023-42365A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
    from 0, < 1:1.30.1-6+deb11u1
  • MEDIUM5.5CVE-2023-42364A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c eva…
    from 0, < 1:1.30.1-6+deb11u1
  • MEDIUM5.5CVE-2023-42363A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
    from 0
  • MEDIUM5.5CVE-2021-42376A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing vali…
    from 0
  • MEDIUM5.5CVE-2021-42375An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due…
    from 0
  • MEDIUM5.5CVE-2021-42373A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
    from 0
  • MEDIUM5.5CVE-2015-9261busybox - security update
    from 0, < 1:1.17.1-8+deb6u11
  • MEDIUM5.5CVE-2015-9261busybox - security update
    from 0, < 1:1.27.2-1
  • MEDIUM5.5CVE-2017-15874archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.
    from 0, < 1:1.27.2-2
  • MEDIUM5.5CVE-2017-15873The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write…
    from 0, < 1:1.27.2-2
  • MEDIUM5.5CVE-2014-9645The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel…
    from 0, < 1:1.22.0-15
  • MEDIUM5.5CVE-2006-1058BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen passwor…
    from 0, < 1:1.1.3-1
  • MEDIUM5.3CVE-2021-42374An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is…
    from 0, < 1:1.30.1-6+deb11u1
  • LOW3.3CVE-2025-46394In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
    from 0
  • LOW2.5CVE-2024-58251In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequ…
    from 0
  • CVE-2026-29004BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in ne…
    from 0
  • CVE-2013-1813util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which…
    from 0, < 1:1.20.0-8
  • CVE-2011-2716The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the…
    from 0, < 1:1.20.0-3