Zclin

**Name of the Vulnerable Software and Affected Versions** BusyBox version 1.36.1 **Description** A use-after-free issue was found in the copyvar function of the awk.c file in BusyBox. This issue can be triggered by a crafted awk pattern, potentially allowing an attacker to execute arbitrary code. **Recommendations** For BusyBox version 1.36.1, consider disabling the `copyvar` function in the awk.c file as a temporary workaround until a patch is available. Restrict the use of crafted awk patterns to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BusyBox version 1.36.1 **Description** The issue is related to a use-after-free vulnerability in the `evaluate` function of the `awk.c` file in the BusyBox set of UNIX utilities. This vulnerability can be exploited by attackers to cause a denial of service via a crafted `awk` pattern. **Recommendations** For BusyBox version 1.36.1, consider disabling the `evaluate` function in the `awk.c` file as a temporary workaround until a patch is available. Restrict access to the `awk` utility to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BusyBox version 1.36.1 **Description** A heap-buffer-overflow issue was discovered in the `next token` function at `awk.c:1159`. This issue is related to writing beyond the buffer boundaries. Exploitation of this issue may allow an attacker to cause a denial of service. **Recommendations** For BusyBox version 1.36.1, as a temporary workaround, consider disabling the `next token` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BusyBox version 1.36.1 **Description** A use-after-free issue was found in the `xasprintf` function, located in `xfuncs printf.c` at line 344. This issue can lead to a denial of service. **Recommendations** For BusyBox version 1.36.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.