CVE-2023-42364

MEDIUM

BusyBox 1.36.1 - Denial of Service via Crafted Awk Pattern in Awk Evaluate Function

Title source: llm

Description

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

References (2)

Core 2

Core References

Exploit, Vendor Advisory

https://bugs.busybox.net/show_bug.cgi?id=15868

Mailing List

https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html

Scores

CVSS v3 5.5

EPSS 0.0043

EPSS Percentile 34.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-416

Status published

Products (1)

busybox/busybox 1.36.1

Published Nov 27, 2023

Tracked Since Feb 18, 2026