CVE-2022-48174

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions busybox versions prior to 1.35

Description The issue is related to a stack overflow vulnerability in the ash.c file of busybox, which can be exploited to achieve arbitrary code execution. This vulnerability is associated with a buffer overflow in memory, allowing a remote attacker to execute arbitrary code using specially crafted data. The vulnerability can be executed from a command in the environment of the Internet of Vehicles.

Recommendations For busybox versions prior to 1.35, update to version 1.35 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ash.c component until a patch is available. Avoid using specially crafted data that could exploit the buffer overflow vulnerability in the ash.c file.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

AZL-56490

AZL-64326

BDU:2023-05378

CVE-2022-48174

DLA-4019-1

ECHO-189B-1DA3-C996

OESA-2023-1583

OPENSUSE-SU-2023_3529-1

OPENSUSE-SU-2023_3820-1

OPENSUSE-SU-2024:13181-1

RHSA-2023:5178

SUSE-SU-2023:3529-1

SUSE-SU-2023:3729-1

SUSE-SU-2023:3819-1

SUSE-SU-2023:3820-1

SUSE-SU-2023_3529-1

SUSE-SU-2023_3729-1

SUSE-SU-2023_3819-1

SUSE-SU-2023_3820-1

USN-6335-1

USN-6961-1

Affected Products

Astra Linux

Debian

Linuxmint

Red Os

Suse

Ubuntu

Busybox

CVE-2022-48174

Weakness Enumeration

Related Identifiers

Affected Products

References · 55