CVE-2022-28391
HIGHBusyBox < 1.35.0 - Remote Code Execution via netstat DNS PTR Record Handling
Title source: llmDescription
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.
References (3)
Core 3
Core References
Exploit, Patch, Vendor Advisory x_refsource_misc
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
Scores
CVSS v3
8.8
EPSS
0.0340
EPSS Percentile
87.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-88
Status
published
Products (1)
busybox/busybox
< 1.35.0
Published
Apr 03, 2022
Tracked Since
Feb 18, 2026