Search for packages
| purl | pkg:deb/debian/busybox@1:1.37.0-6 |
| Next non-vulnerable version | 1:1.37.0-10.1 |
| Latest non-vulnerable version | 1:1.37.0-10.1 |
| Risk | 3.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8844-hdkd-yyc7
Aliases: CVE-2026-26158 |
busybox: BusyBox: Arbitrary file modification and privilege escalation via unvalidated tar archive entries |
Affected by 0 other vulnerabilities. |
|
VCID-fugr-ve7z-efdb
Aliases: CVE-2026-26157 |
busybox: BusyBox: Arbitrary file overwrite and potential code execution via incomplete path sanitization |
Affected by 0 other vulnerabilities. |
|
VCID-g5t1-3tab-uuf9
Aliases: CVE-2024-58251 |
In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim. |
Affected by 0 other vulnerabilities. |
|
VCID-jjqh-pw7r-buau
Aliases: CVE-2025-46394 |
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. |
Affected by 0 other vulnerabilities. |
|
VCID-n1u3-njfx-vfcp
Aliases: CVE-2023-42366 |
busybox: A heap-buffer-overflow |
Affected by 0 other vulnerabilities. |
|
VCID-t62w-rrsb-vqgy
Aliases: CVE-2025-60876 |
busybox: BusyBox wget: HTTP request-target allows header injection |
Affected by 0 other vulnerabilities. |
|
VCID-ytff-pgz4-tub2
Aliases: CVE-2023-39810 |
busybox: CPIO command of Busybox allows attackers to execute a directory traversal |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-13T09:05:32.930618+00:00 | Debian Importer | Affected by | VCID-8844-hdkd-yyc7 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T08:30:59.029968+00:00 | Debian Importer | Affected by | VCID-g5t1-3tab-uuf9 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T08:01:28.279755+00:00 | Debian Importer | Affected by | VCID-n1u3-njfx-vfcp | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T08:00:15.166361+00:00 | Debian Importer | Affected by | VCID-jjqh-pw7r-buau | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T07:20:29.833053+00:00 | Debian Importer | Affected by | VCID-fugr-ve7z-efdb | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T07:14:24.665347+00:00 | Debian Importer | Affected by | VCID-t62w-rrsb-vqgy | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-11T17:48:44.815002+00:00 | Debian Importer | Affected by | VCID-ytff-pgz4-tub2 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-02T17:17:48.060652+00:00 | Debian Importer | Affected by | VCID-8844-hdkd-yyc7 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-02T17:15:03.442549+00:00 | Debian Importer | Affected by | VCID-g5t1-3tab-uuf9 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-02T17:12:40.935809+00:00 | Debian Importer | Affected by | VCID-n1u3-njfx-vfcp | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-02T17:12:37.928087+00:00 | Debian Importer | Affected by | VCID-jjqh-pw7r-buau | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-02T17:09:38.169744+00:00 | Debian Importer | Affected by | VCID-fugr-ve7z-efdb | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-02T17:09:08.900932+00:00 | Debian Importer | Affected by | VCID-t62w-rrsb-vqgy | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-02T17:02:14.074551+00:00 | Debian Importer | Affected by | VCID-ytff-pgz4-tub2 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |