PT-2022-6589 · Busybox+3

Taolaw · Published 2022-04-27 · Updated 2024-06-15 · CVE-2022-30065

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Busybox versions 1.35-x

Description

The issue is a use-after-free in the copyvar function of the Busybox awk applet. Processing a crafted awk pattern can lead to denial of service and possibly code execution. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations

For Busybox version 1.35-x, consider disabling the copyvar function in the awk applet as a temporary workaround until a patch is available. Restrict access to the awk applet to minimize the risk of exploitation. Avoid using the copyvar function when processing awk patterns until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Use After Free


Weakness Enumeration

Related Identifiers

AZL-9815
BDU:2023-02631
CVE-2022-30065
MGASA-2022-0458
OESA-2022-1859
OPENSUSE-SU-2022_4309-1
OPENSUSE-SU-2022_4371-1
OPENSUSE-SU-2024:12536-1
ROSA-SA-2024-2426
SUSE-SU-2022:4309-1
SUSE-SU-2022:4371-1
SUSE-SU-2022:4372-1
SUSE-SU-2022_4309-1
SUSE-SU-2022_4372-1

Affected Products

Astra Linux
Busybox
Debian
Suse