CVE-2021-42375
First published: Mon Nov 15 2021(Updated: )
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
Credit: reefs@jfrog.com reefs@jfrog.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BusyBox | =1.33.1 | |
| Red Hat Fedora | =33 | |
| Red Hat Fedora | =34 | |
| NetApp Cloud Backup | ||
| NetApp SolidFire & HCI Management Node | ||
| NetApp SolidFire & HCI Storage Node | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H700S | ||
| NetApp H700S | ||
| NetApp H300E | ||
| NetApp H300E Firmware | ||
| NetApp H500S Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H700E | ||
| NetApp H700E | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| =1.33.1 | ||
| =33 | ||
| =34 | ||
| All of | ||
| All of | ||
| All of | ||
| All of | ||
| All of | ||
| All of | ||
| All of | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog
- https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
- https://security.netapp.com/advisory/ntap-20211223-0002/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
Frequently Asked Questions
What is CVE-2021-42375?
CVE-2021-42375 is a vulnerability in Busybox's ash applet that leads to denial of service when processing a crafted shell command.
What is the severity of CVE-2021-42375?
The severity of CVE-2021-42375 is medium with a CVSS score of 5.5.
Which software versions are affected by CVE-2021-42375?
Busybox version 1.33.1, Fedora 33 and Fedora 34, Netapp Cloud Backup, Netapp Hci Management Node, Netapp Solidfire, Apple macOS Ventura, Apple macOS Big Sur, Apple macOS Monterey, Netapp H300e Firmware, Netapp H500e Firmware, Netapp H700e Firmware, and Apple macOS Monterey are affected.
How can I fix CVE-2021-42375?
To fix CVE-2021-42375, it is recommended to update Busybox to a patched version, apply the necessary software updates for affected operating systems, or follow the recommendations from the software vendors or distributors.
Where can I find more information about CVE-2021-42375?
More information about CVE-2021-42375 can be found at the following references: [Link1](https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog), [Link2](https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/), [Link3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/).
- agent/type
- agent/weakness
- agent/severity
- agent/description
- agent/references
- agent/first-publish-date
- agent/author
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- vendor/busybox
- canonical/busybox
- version/busybox/1.33.1
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/33
- version/red hat fedora/34
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp solidfire & hci management node
- canonical/netapp solidfire & hci storage node
- canonical/netapp h300s firmware
- canonical/netapp h500e firmware
- canonical/netapp h700s
- canonical/netapp h300e
- canonical/netapp h300e firmware
- canonical/netapp h500s firmware
- canonical/netapp h700e
- canonical/netapp h410s
- canonical/netapp h410s firmware