Search for packages
| purl | pkg:deb/debian/busybox@1:1.35.0-4?distro=trixie |
| Next non-vulnerable version | 1:1.36.1-1 |
| Latest non-vulnerable version | 1:1.37.0-10.1 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8844-hdkd-yyc7
Aliases: CVE-2026-26158 |
busybox: BusyBox: Arbitrary file modification and privilege escalation via unvalidated tar archive entries |
Affected by 0 other vulnerabilities. |
|
VCID-9s28-b1gj-uqaj
Aliases: CVE-2022-48174 |
busybox: stack overflow vulnerability in ash.c leads to arbitrary code execution |
Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-fugr-ve7z-efdb
Aliases: CVE-2026-26157 |
busybox: BusyBox: Arbitrary file overwrite and potential code execution via incomplete path sanitization |
Affected by 0 other vulnerabilities. |
|
VCID-g5t1-3tab-uuf9
Aliases: CVE-2024-58251 |
In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-jjqh-pw7r-buau
Aliases: CVE-2025-46394 |
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-n1u3-njfx-vfcp
Aliases: CVE-2023-42366 |
busybox: A heap-buffer-overflow |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-syfd-zx16-n3gy
Aliases: CVE-2022-30065 |
busybox: A use-after-free in Busybox's awk applet leads to denial of service |
Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-t62w-rrsb-vqgy
Aliases: CVE-2025-60876 |
busybox: BusyBox wget: HTTP request-target allows header injection |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-v6td-yjyg-rub4
Aliases: CVE-2023-42365 |
busybox: use-after-free |
Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-xjbx-z3d5-5bad
Aliases: CVE-2023-42363 |
busybox: use-after-free in awk |
Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-y9hd-5med-67c4
Aliases: CVE-2023-42364 |
busybox: use-after-free |
Affected by 0 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-ytff-pgz4-tub2
Aliases: CVE-2023-39810 |
busybox: CPIO command of Busybox allows attackers to execute a directory traversal |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1186-afu9-nuhd | A vulnerability in BusyBox might allow remote attackers to cause a Denial of Service condition. |
CVE-2016-6301
|
| VCID-1drx-383s-uqb7 | busybox: Out of bounds read in udhcp components resulting in information disclosure |
CVE-2018-20679
|
| VCID-2kxn-4rm6-nfh2 | busybox: remote attackers may execute arbitrary code if netstat is used |
CVE-2022-28391
|
| VCID-3gvz-zyd7-pfh5 | Multiple vulnerabilities have been found in BusyBox, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. |
CVE-2013-1813
|
| VCID-41a2-4ukm-pbfk | Multiple vulnerabilities have been found in BusyBox, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. |
CVE-2011-2716
|
| VCID-4asq-bb6w-1bf2 | busybox: Out of bounds read in udhcp components resulting in information disclosure |
CVE-2019-5747
|
| VCID-4muk-rhx5-yqeu | Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. |
CVE-2021-42386
|
| VCID-4qpt-mxfy-6bh6 | Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. |
CVE-2021-42385
|
| VCID-5rmt-k48a-ubbg | Multiple vulnerabilities have been found in BusyBox, the worst of which could allow remote attackers to execute arbitrary code. |
CVE-2017-15873
|
| VCID-674c-ab3f-a7av | Multiple vulnerabilities have been found in BusyBox, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2016-2147
|
| VCID-8r73-bpac-dubc | Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. |
CVE-2021-42377
|
| VCID-92nk-cwc9-rkg4 | Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. |
CVE-2021-42375
|
| VCID-9fex-zr2n-w3cb | Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. |
CVE-2021-42384
|
| VCID-a4vx-45xg-zqej | busybox: Segmentation fault when unzipping specially crafted zip file |
CVE-2015-9261
|
| VCID-dkng-6ayt-h7fv | busybox: wget: Heap-based buffer overflow in the retrieve_file_data() function |
CVE-2018-1000517
|
| VCID-dktd-xqjr-h7h1 | Multiple vulnerabilities have been found in BusyBox, the worst of which could allow remote attackers to execute arbitrary code. |
CVE-2017-16544
|
| VCID-dse8-esmh-3ygm | Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. |
CVE-2021-42380
|
| VCID-g587-5fx5-5uew | Multiple vulnerabilities have been found in BusyBox, the worst of which could allow remote attackers to execute arbitrary code. |
CVE-2017-15874
|
| VCID-gaff-7x2r-2qaf | security flaw |
CVE-2006-1058
|
| VCID-gdfa-8gar-47gd | Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. |
CVE-2021-42379
|
| VCID-gr6n-rhdb-bfh9 | Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI. |
CVE-2006-5050
|
| VCID-jjxj-yf1x-4qg5 | Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. |
CVE-2021-42378
|
| VCID-mdmz-hjvu-hke3 | Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. |
CVE-2021-42382
|
| VCID-nthm-4fpy-zfev | busybox: Path traversal via crafted tar file containing symlink |
CVE-2011-5325
|
| VCID-qrs2-dwcr-cfam | Multiple vulnerabilities have been found in BusyBox, allowing context dependent attackers to load arbitrary kernel modules, execute arbitrary files, or cause a Denial of Service condition. |
CVE-2014-4607
|
| VCID-r12h-q1dj-a7b8 | Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. |
CVE-2021-42381
|
| VCID-rp81-5jrg-jkht | Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. |
CVE-2021-42373
|
| VCID-rsbc-rpd9-t3hz | Multiple vulnerabilities have been found in BusyBox, allowing context dependent attackers to load arbitrary kernel modules, execute arbitrary files, or cause a Denial of Service condition. |
CVE-2014-9645
|
| VCID-svyb-nqje-dbcs | Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. |
CVE-2021-42383
|
| VCID-tkat-gfks-kqg9 | Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. |
CVE-2021-42374
|
| VCID-vjyq-6k64-7fat | Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. |
CVE-2021-42376
|
| VCID-vm8g-v83d-mbfm | This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information. |
CVE-2010-0001
|
| VCID-vpmv-afzs-tffj | A vulnerability in BusyBox might allow remote attackers to cause a Denial of Service condition. |
CVE-2021-28831
|
| VCID-z13y-nsuu-ckfq | Multiple vulnerabilities have been found in BusyBox, the worst of which allows remote attackers to execute arbitrary code. |
CVE-2016-2148
|