An attacker-controlled pointer free in Busybox hush leads to remote code execution when processing malformed command line arguments
BusyBox [1.33.0, 1.33.1], fixed in 1.34.0
The BusyBox toolkit implements a large number of Linux tools in a single executable and can even replace the Linux init system. Its small size and flexibility make it popular in embedded devices.
An attacker-controlled pointer free in
hush leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
An attacker that controls
hush command line arguments can trigger this issue.
No PoC is supplied for this issue
No vulnerability mitigations are supplied for this issue
(JFrog) Unboxing BusyBox - 14 new vulnerabilities uncovered by Claroty and JFrog