CVE-2023-42364

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions BusyBox version 1.36.1

Description The issue is related to a use-after-free vulnerability in the evaluate function of the awk.c file in the BusyBox set of UNIX utilities. This vulnerability can be exploited by attackers to cause a denial of service via a crafted awk pattern.

Recommendations For BusyBox version 1.36.1, consider disabling the evaluate function in the awk.c file as a temporary workaround until a patch is available. Restrict access to the awk utility to minimize the risk of exploitation.

Exploit

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2025-4016

AZL-33493

AZL-34575

BDU:2023-08324

CVE-2023-42364

DLA-4019-1

ECHO-E4A3-D839-C3A1

OESA-2024-1740

OESA-2024-2438

OESA-2024-2439

OESA-2024-2440

OESA-2024-2441

OPENSUSE-SU-2025:15361-1

SUSE-SU-2025:03205-1

SUSE-SU-2025:03271-1

SUSE-SU-2025:03271-2

SUSE-SU-2025_03205-1

SUSE-SU-2025_03271-1

SUSE-SU-2026:0872-1

SUSE-SU-2026:0892-1

USN-6961-1

Affected Products

Alt Linux

Astra Linux

Busybox

Debian

Linuxmint

Suse

Ubuntu

CVE-2023-42364

Weakness Enumeration

Related Identifiers

Affected Products

References · 76