{"id":"USN-5179-1","summary":"busybox vulnerabilities","details":"It was discovered that BusyBox incorrectly handled certain malformed gzip\narchives. If a user or automated system were tricked into processing a\nspecially crafted gzip archive, a remote attacker could use this issue to\ncause BusyBox to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2021-28831)\n\nIt was discovered that BusyBox incorrectly handled certain malformed LZMA\narchives. If a user or automated system were tricked into processing a\nspecially crafted LZMA archive, a remote attacker could use this issue to\ncause BusyBox to crash, resulting in a denial of service, or possibly\nleak sensitive information. (CVE-2021-42374)\n\nVera Mens, Uri Katz, Tal Keren, Sharon Brizinov, and Shachar Menashe\ndiscovered that BusyBox incorrectly handled certain awk patterns. If a user\nor automated system were tricked into processing a specially crafted awk\npattern, a remote attacker could use this issue to cause BusyBox to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381,\nCVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386)\n","modified":"2026-02-10T04:42:24Z","published":"2021-12-07T12:44:40Z","related":["UBUNTU-CVE-2021-28831","UBUNTU-CVE-2021-42374","UBUNTU-CVE-2021-42378","UBUNTU-CVE-2021-42379","UBUNTU-CVE-2021-42380","UBUNTU-CVE-2021-42381","UBUNTU-CVE-2021-42382","UBUNTU-CVE-2021-42384","UBUNTU-CVE-2021-42385","UBUNTU-CVE-2021-42386"],"upstream":["CVE-2021-28831","CVE-2021-42374","CVE-2021-42378","CVE-2021-42379","CVE-2021-42380","CVE-2021-42381","CVE-2021-42382","CVE-2021-42384","CVE-2021-42385","CVE-2021-42386","UBUNTU-CVE-2021-28831","UBUNTU-CVE-2021-42374","UBUNTU-CVE-2021-42378","UBUNTU-CVE-2021-42379","UBUNTU-CVE-2021-42380","UBUNTU-CVE-2021-42381","UBUNTU-CVE-2021-42382","UBUNTU-CVE-2021-42384","UBUNTU-CVE-2021-42385","UBUNTU-CVE-2021-42386"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5179-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-28831"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-42374"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-42378"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-42379"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-42380"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-42381"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-42382"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-42384"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-42385"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-42386"}],"affected":[{"package":{"name":"busybox","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/busybox@1:1.27.2-2ubuntu3.4?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.27.2-2ubuntu3.4"}]}],"versions":["1:1.22.0-19ubuntu2","1:1.27.2-1ubuntu3","1:1.27.2-1ubuntu4","1:1.27.2-2ubuntu2","1:1.27.2-2ubuntu3","1:1.27.2-2ubuntu3.1","1:1.27.2-2ubuntu3.2","1:1.27.2-2ubuntu3.3"],"ecosystem_specific":{"binaries":[{"binary_name":"busybox","binary_version":"1:1.27.2-2ubuntu3.4"},{"binary_name":"busybox-initramfs","binary_version":"1:1.27.2-2ubuntu3.4"},{"binary_name":"busybox-static","binary_version":"1:1.27.2-2ubuntu3.4"},{"binary_name":"busybox-syslogd","binary_version":"1:1.27.2-2ubuntu3.4"},{"binary_name":"udhcpc","binary_version":"1:1.27.2-2ubuntu3.4"},{"binary_name":"udhcpd","binary_version":"1:1.27.2-2ubuntu3.4"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2021-28831","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42374","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42378","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42379","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42380","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42381","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42382","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42384","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42385","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42386","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5179-1.json"}},{"package":{"name":"busybox","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/busybox@1:1.30.1-4ubuntu6.4?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.30.1-4ubuntu6.4"}]}],"versions":["1:1.30.1-4ubuntu4","1:1.30.1-4ubuntu5","1:1.30.1-4ubuntu6","1:1.30.1-4ubuntu6.1","1:1.30.1-4ubuntu6.2","1:1.30.1-4ubuntu6.3"],"ecosystem_specific":{"binaries":[{"binary_name":"busybox","binary_version":"1:1.30.1-4ubuntu6.4"},{"binary_name":"busybox-initramfs","binary_version":"1:1.30.1-4ubuntu6.4"},{"binary_name":"busybox-static","binary_version":"1:1.30.1-4ubuntu6.4"},{"binary_name":"busybox-syslogd","binary_version":"1:1.30.1-4ubuntu6.4"},{"binary_name":"udhcpc","binary_version":"1:1.30.1-4ubuntu6.4"},{"binary_name":"udhcpd","binary_version":"1:1.30.1-4ubuntu6.4"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"id":"CVE-2021-28831","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42374","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42378","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42379","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42380","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42381","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42382","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42384","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42385","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]},{"id":"CVE-2021-42386","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5179-1.json"}}],"schema_version":"1.7.3"}