An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: JFROG

Published:

Updated: 2024-08-04T03:30:38.349Z

Reserved: 2021-10-14T00:00:00

Link: CVE-2021-42377

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-11-15T21:15:07.700

Modified: 2024-11-21T06:27:41.657

Link: CVE-2021-42377

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-11-09T00:00:00Z

Links: CVE-2021-42377 - Bugzilla

cve-icon OpenCVE Enrichment

No data.