PT-2025-17652 · Busybox+1 · Busybox+1

Published

2025-04-23

Updated

2026-05-04

CVE-2024-58251

CVSS v3.1

2.5

Low

Vector

AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions BusyBox versions through 1.37.0

Description The issue allows local users to launch a network application with an argv[0] containing an ANSI terminal escape sequence. This can lead to a denial of service when netstat is used by a victim, causing the terminal to lock up.

Recommendations For BusyBox versions through 1.37.0, as a temporary workaround, consider restricting the use of netstat until a patch is available. Avoid using network applications with argv[0] containing ANSI terminal escape sequences in the affected versions.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-150

Related Identifiers

AZL-60933

AZL-61217

CVE-2024-58251

ECHO-5F56-5DFF-E960

OESA-2025-2328

OPENSUSE-SU-2026:10679-1

SUSE-SU-2026:1418-1

Affected Products

Busybox

Debian

PT-2025-17652 · Busybox+1 · Busybox+1

CVE-2024-58251

Weakness Enumeration

Related Identifiers

Affected Products

References · 30