CVE-2024-58251

Summary

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.

Affected Software

VendorProductVersion RangeStatus
BusyBoxBusyBox0 <= 1.37.0affected

Weaknesses

  • CWE-150: CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References