PT-2026-60313 · Busybox · Busybox

CVE-2026-38754

·

Published

2026-07-15

·

Updated

2026-07-16

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Busybox version 1.38.0
Description A heap overflow occurs in the ifsbreakup() function (located in shell/ash.c). This issue allows attackers to cause a Denial of Service (DoS) by providing a specially crafted input. A heap overflow is a memory corruption error that happens when a program writes more data to a heap-allocated memory block than it can hold.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-38754

Affected Products

Busybox