A NULL pointer dereference in hush leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.Read more: “Unboxing Busybox: 14 Vulnerabilities Uncovered by Claroty, JFrog”

Risk Information

  • CVE ID
  • CVE-2021-42376
  • Vendor
  • Busybox
  • Product
  • Linux Utilities
  • CVSS v3
  • 4.1