description	title	date_published	last_updated	xray_id	vul_id	cvss	severity	discovered_by	type
CVE-2021-42373 Medium severity. BusyBox man Section Name Handling NULL Pointer Dereference Local DoS	BusyBox man NULL Pointer Dereference	2021-11-09	2021-11-09	XRAY-189471	CVE-2021-42373	5.5	medium	JFrog Collab	vulnerability

Summary

BusyBox man Section Name Handling NULL Pointer Dereference Local DoS

Component

BusyBox

Affected versions

BusyBox [1.33.0, 1.33.1], fixed in 1.34.0

Description

The BusyBox toolkit implements a large number of Linux tools in a single executable and can even replace the Linux init system. Its small size and flexibility make it popular in embedded devices.

A NULL pointer dereference was found in the man applet, which leads to denial of service when a section name is supplied but no page argument is given. An attacker that controls man command line arguments can trigger this issue.

PoC

No PoC is supplied for this issue

Vulnerability Mitigations

No vulnerability mitigations are supplied for this issue

References

(JFrog) Unboxing BusyBox - 14 new vulnerabilities uncovered by Claroty and JFrog

NVD

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

busybox-man-null-pointer-dereference-xray-189471.md

busybox-man-null-pointer-dereference-xray-189471.md

Summary

Component

Affected versions

Description

PoC

Vulnerability Mitigations

References

Files

busybox-man-null-pointer-dereference-xray-189471.md

Latest commit

History

busybox-man-null-pointer-dereference-xray-189471.md

File metadata and controls

Summary

Component

Affected versions

Description

PoC

Vulnerability Mitigations

References