CVE-2022-48174

CRITICAL

Debian Linux < 1.36.1 - Out-of-Bounds Write

Title source: rule
STIX 2.1

Description

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

Scores

CVSS v3 9.8
EPSS 0.0313
EPSS Percentile 86.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-787
Status published
Products (2)
busybox/busybox < 1.36.1
debian/debian_linux 11.0
Published Aug 22, 2023
Tracked Since Feb 18, 2026