Vulnerability Description
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
CVSS Score
7.2
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Busybox | Busybox | >= 1.16.0, <= 1.33.1 |
| Fedoraproject | Fedora | 33 |
Related Weaknesses (CWE)
References
- https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovere
- https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-clarThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.netapp.com/advisory/ntap-20211223-0002/Third Party Advisory
- https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovere
- https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-clarThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.netapp.com/advisory/ntap-20211223-0002/Third Party Advisory
FAQ
What is CVE-2021-42385?
CVE-2021-42385 is a vulnerability with a CVSS score of 7.2 (HIGH). A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
How severe is CVE-2021-42385?
CVE-2021-42385 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-42385?
Check the references section above for vendor advisories and patch information. Affected products include: Busybox Busybox, Fedoraproject Fedora.