PT-2023-7296 · Busybox+6 · Busybox+6

Zclin

Publicado

2023-11-27

Atualizado

2026-03-13

CVE-2023-42364

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions BusyBox version 1.36.1

Description The issue is related to a use-after-free vulnerability in the evaluate function of the awk.c file in the BusyBox set of UNIX utilities. This vulnerability can be exploited by attackers to cause a denial of service via a crafted awk pattern.

Recommendations For BusyBox version 1.36.1, consider disabling the evaluate function in the awk.c file as a temporary workaround until a patch is available. Restrict access to the awk utility to minimize the risk of exploitation.

Exploit

Correção

DoS

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2025-4016

AZL-33493

AZL-34575

BDU:2023-08324

CVE-2023-42364

DLA-4019-1

ECHO-E4A3-D839-C3A1

OESA-2024-1740

OESA-2024-2438

OESA-2024-2439

OESA-2024-2440

OESA-2024-2441

OPENSUSE-SU-2025:15361-1

SUSE-SU-2025:03205-1

SUSE-SU-2025:03271-1

SUSE-SU-2025:03271-2

SUSE-SU-2025_03205-1

SUSE-SU-2025_03271-1

SUSE-SU-2026:0872-1

SUSE-SU-2026:0892-1

USN-6961-1

Produtos afetados

Alt Linux

Astra Linux

Busybox

Debian

Linuxmint

Suse

Ubuntu

PT-2023-7296 · Busybox+6 · Busybox+6

CVE-2023-42364

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 76