JFrog Security Research
< Back

XRAY-189471 - BusyBox man NULL Pointer Dereference

CVE-2021-42373 | CVSS 5.5

JFrog Severity:medium

Discovered ByJFrog Collabof the JFrog Security Research Team

Published 9 Nov, 2021 | Last updated 9 Nov, 2021

BusyBox man Section Name Handling NULL Pointer Dereference Local DoS


BusyBox [1.33.0, 1.33.1], fixed in 1.34.0

The BusyBox toolkit implements a large number of Linux tools in a single executable and can even replace the Linux init system. Its small size and flexibility make it popular in embedded devices.

A NULL pointer dereference was found in the man applet, which leads to denial of service when a section name is supplied but no page argument is given. An attacker that controls man command line arguments can trigger this issue.

No PoC is supplied for this issue

No vulnerability mitigations are supplied for this issue

(JFrog) Unboxing BusyBox - 14 new vulnerabilities uncovered by Claroty and JFrog


< Back