PT-2026-60314 · Busybox · Busybox

CVE-2026-38755

·

Published

2026-07-15

·

Updated

2026-07-16

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Busybox version 1.38.0
Description A heap overflow occurs in the evalcommand() function (shell/ash.c), which can be triggered by providing crafted input, leading to a Denial of Service (DoS). A heap overflow is a memory corruption issue where a program writes more data to a heap-allocated memory block than it can hold.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-38755

Affected Products

Busybox