14 security vulnerabilities reported in BusyBox Linux utility


BusyBox is an open-source utility that combines several standard Unix tools, such as cp, ls, and grep, into a single binary or executable file.

Researchers at DevOps firm JFrog and industrial cybersecurity company Claroty have published a joint report detailing fourteen vulnerabilities they identified in the BusyBox Linux utility.

About the Flaws

These security vulnerabilities are tracked as CVE-2021-42373 through CVE-2021-42386. Reportedly, these security weaknesses impact multiple versions of BusyBox, ranging from 1.16 through 1.33.1. BusyBox developers patched all the flaws in August with the release of version 1.34.0.
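As an added example (not taken from the JFrog/Claroty report or the BusyBox project), the shell functions below classify a BusyBox banner line against the version range stated above. The function names, result labels and sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a BusyBox banner against the range given in the
# article (1.16 through 1.33.1 affected, fixed in 1.34.0).

# Pull "MAJOR.MINOR[.PATCH]" out of a banner line such as
# "BusyBox v1.33.1 (2021-05-03 10:00:00 UTC) multi-call binary."
busybox_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^BusyBox v\([0-9][0-9]*\(\.[0-9][0-9]*\)\{1,2\}\).*/\1/p' |
        head -n 1
}

# Print one of: affected | fixed | not-in-stated-range | unknown
# (labels are hypothetical, chosen for this example).
classify_busybox() {
    ver=$(busybox_version_from_banner "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    # Compare numerically; a missing patch component counts as 0.
    echo "$ver" | awk -F. '{
        key = $1 * 1000000 + $2 * 1000 + $3
        if (key >= 1016000 && key <= 1033001) print "affected"
        else if (key >= 1034000)              print "fixed"
        else                                  print "not-in-stated-range"
    }'
}

# Constructed sample banners (not captured from real devices).
for b in "BusyBox v1.33.1 (2021-05-03 10:00:00 UTC) multi-call binary." \
         "BusyBox v1.34.0 (2021-08-20 10:00:00 UTC) multi-call binary."; do
    printf '%s -> %s\n' "$b" "$(classify_busybox "$b")"
done

# If a busybox binary is on PATH, classify it as well.
if command -v busybox >/dev/null 2>&1; then
    banner=$(busybox --help 2>&1 | head -n 1)
    printf 'local busybox -> %s (%s)\n' "$(classify_busybox "$banner")" "$banner"
fi
```

Distribution packages may carry backported fixes under an older upstream version number, so an "affected" result is a prompt to check the vendor's advisory rather than a final verdict.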

According to the researchers, these security flaws can be exploited by threat actors to launch DoS (denial-of-service) attacks. In some cases, if exploited, they can also lead to remote code execution and information disclosure.

However, the flaws were assigned a Medium severity rating because researchers believe they are least likely to be exploited for malicious purposes. 
