CVE-2021-42375
First published: Mon Nov 15 2021(Updated: )
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
Credit: reefs@jfrog.com reefs@jfrog.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Busybox Busybox | =1.33.1 | |
| Fedoraproject Fedora | =33 | |
| Fedoraproject Fedora | =34 | |
| Netapp Cloud Backup | ||
| Netapp Hci Management Node | ||
| Netapp Solidfire | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| Netapp H300e Firmware | ||
| Netapp H300e | ||
| Netapp H500e Firmware | ||
| Netapp H500e | ||
| Netapp H700e Firmware | ||
| Netapp H700e | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| All of | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| All of | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| All of | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| All of | ||
| Netapp H300e Firmware | ||
| Netapp H300e | ||
| All of | ||
| Netapp H500e Firmware | ||
| Netapp H500e | ||
| All of | ||
| Netapp H700e Firmware | ||
| Netapp H700e | ||
| All of | ||
| Netapp H410s Firmware | ||
| Netapp H410s |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog
- https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
- https://security.netapp.com/advisory/ntap-20211223-0002/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
Frequently Asked Questions
What is CVE-2021-42375?
CVE-2021-42375 is a vulnerability in Busybox's ash applet that leads to denial of service when processing a crafted shell command.
What is the severity of CVE-2021-42375?
The severity of CVE-2021-42375 is medium with a CVSS score of 5.5.
Which software versions are affected by CVE-2021-42375?
Busybox version 1.33.1, Fedora 33 and Fedora 34, Netapp Cloud Backup, Netapp Hci Management Node, Netapp Solidfire, Apple macOS Ventura, Apple macOS Big Sur, Apple macOS Monterey, Netapp H300e Firmware, Netapp H500e Firmware, Netapp H700e Firmware, and Apple macOS Monterey are affected.
How can I fix CVE-2021-42375?
To fix CVE-2021-42375, it is recommended to update Busybox to a patched version, apply the necessary software updates for affected operating systems, or follow the recommendations from the software vendors or distributors.
Where can I find more information about CVE-2021-42375?
More information about CVE-2021-42375 can be found at the following references: [Link1](https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog), [Link2](https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/), [Link3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/).
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/busybox
- canonical/busybox busybox
- version/busybox busybox/1.33.1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- version/fedoraproject fedora/34
- vendor/netapp
- canonical/netapp cloud backup
- canonical/netapp hci management node
- canonical/netapp solidfire
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h300e firmware
- canonical/netapp h300e
- canonical/netapp h500e firmware
- canonical/netapp h500e
- canonical/netapp h700e firmware
- canonical/netapp h700e
- canonical/netapp h410s firmware
- canonical/netapp h410s