CVE-2022-30065: Use After Free
First published: Wed May 18 2022(Updated: )
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Busybox Busybox | =1.35.0 | |
| Siemens Scalance Sc622-2c Firmware | <3.0 | |
| Siemens Scalance Sc622-2c | ||
| Siemens Scalance Sc626-2c Firmware | <3.0 | |
| Siemens Scalance Sc626-2c | ||
| Siemens Scalance Sc632-2c Firmware | <3.0 | |
| Siemens Scalance Sc632-2c | ||
| Siemens Scalance Sc636-2c Firmware | <3.0 | |
| Siemens Scalance Sc636-2c | ||
| Siemens Scalance Sc642-2c Firmware | <3.0 | |
| Siemens Scalance Sc642-2c | ||
| Siemens Scalance Sc646-2c Firmware | <3.0 | |
| Siemens Scalance Sc646-2c |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-30065?
CVE-2022-30065 is a use-after-free vulnerability in Busybox 1.35-x's awk applet that can lead to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
Which software versions are affected by CVE-2022-30065?
Busybox version 1.35.0 and Apple macOS Big Sur (up to exclusive version 3.0) are affected by CVE-2022-30065.
What is the severity of CVE-2022-30065?
The severity of CVE-2022-30065 is high with a CVSS score of 7.8.
How can CVE-2022-30065 be exploited?
CVE-2022-30065 can be exploited by processing a crafted awk pattern in the copyvar function of Busybox 1.35-x's awk applet.
Where can I find more information about CVE-2022-30065?
More information about CVE-2022-30065 can be found at the following references: [https://bugs.busybox.net/show_bug.cgi?id=14781](https://bugs.busybox.net/show_bug.cgi?id=14781) and [https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf)
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/author
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/busybox
- canonical/busybox busybox
- version/busybox busybox/1.35.0
- vendor/siemens
- canonical/siemens scalance sc622-2c firmware
- canonical/siemens scalance sc622-2c
- canonical/siemens scalance sc626-2c firmware
- canonical/siemens scalance sc626-2c
- canonical/siemens scalance sc632-2c firmware
- canonical/siemens scalance sc632-2c
- canonical/siemens scalance sc636-2c firmware
- canonical/siemens scalance sc636-2c
- canonical/siemens scalance sc642-2c firmware
- canonical/siemens scalance sc642-2c
- canonical/siemens scalance sc646-2c firmware
- canonical/siemens scalance sc646-2c