CVE-2021-42375

Summary

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.

Affected Software

VendorProductVersion RangeStatus
busyboxbusyboxunspecified < 1.34.0affected

Weaknesses

  • CWE-159: CWE-159

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References