CVE-2021-42377

Source
https://cve.org/CVERecord?id=CVE-2021-42377
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42377.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-42377
Published
2021-11-15T21:15:07.700Z
Modified
2026-04-02T07:34:45.655060Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

An attacker-controlled pointer free in BusyBox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.

Affected packages

Git / github.com/mirror/busybox

Affected ranges

Type
GIT
Repo
https://github.com/mirror/busybox
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.33.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.33.1"
        }
    ]
}

Affected versions

Other
0_29alpha2
0_32
0_33
0_34
0_36
0_39
0_40
0_41
0_42
0_43
0_43pre1
0_45
0_46
0_47
0_48
0_49
0_50
0_51
0_52
0_60_0
0_60_1
0_60_2
0_60_3
0_60_4
0_60_5
1_00
1_00_pre1
1_00_pre10
1_00_pre2
1_00_pre3
1_00_pre4
1_00_pre5
1_00_pre6
1_00_pre7
1_00_pre8
1_00_pre9
1_00_rc1
1_00_rc2
1_00_rc3
1_10_0
1_10_3
1_11_0
1_11_1
1_11_2
1_11_3
1_12_0
1_12_1
1_12_2
1_12_3
1_12_4
1_13_0
1_13_1
1_13_2
1_13_3
1_13_4
1_14_0
1_14_1
1_14_2
1_14_3
1_14_4
1_15_0
1_15_1
1_15_2
1_15_3
1_16_0
1_16_1
1_16_2
1_17_0
1_17_1
1_17_2
1_17_3
1_17_4
1_18_0
1_18_1
1_18_2
1_18_3
1_18_4
1_18_5
1_19_0
1_19_1
1_19_2
1_19_3
1_19_4
1_1_0
1_1_1
1_1_2
1_1_3
1_20_0
1_20_1
1_20_2
1_21_0
1_21_1
1_22_0
1_22_1
1_23_0
1_23_1
1_23_2
1_24_0
1_24_1
1_24_2
1_25_0
1_25_1
1_26_0
1_26_1
1_26_2
1_27_0
1_27_1
1_27_2
1_28_0
1_28_1
1_28_2
1_28_3
1_28_4
1_29_0
1_29_1
1_29_2
1_29_3
1_2_0
1_2_1
1_30_0
1_30_1
1_31_0
1_31_1
1_32_0
1_32_1
1_33_0
1_4_0
1_4_2
1_5_1
1_5_2
1_6_0
1_6_1
1_6_2
1_7_0
1_7_1
1_7_2
1_7_3
1_7_4
1_7_5
1_8_0
1_8_1
1_8_2
1_8_3
1_9_0
1_9_1
1_9_2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42377.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    }
]