A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: JFROG

Published:

Updated: 2024-08-04T03:30:38.515Z

Reserved: 2021-10-14T00:00:00

Link: CVE-2021-42376

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-11-15T21:15:07.647

Modified: 2024-11-21T06:27:41.533

Link: CVE-2021-42376

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-11-09T00:00:00Z

Links: CVE-2021-42376 - Bugzilla

cve-icon OpenCVE Enrichment

No data.