Vulnerability identifier: #VU59877
Vulnerability risk: Low
Exploitation vector: Local
Exploit availability: No
Universal components / Libraries / Software for developers
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in Busybox's hush applet when processing a crafted shell command with a \x03 delimiter character. A local user can pass specially crafted string to the affected applet and crash the application.
Install update from vendor's website.
Vulnerable software versions
BusyBox: 1.16.0 - 1.33.1
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?