BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR records value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminals colors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Busybox | Busybox | * | 1.35.0 (including) |
Busybox | Ubuntu | bionic | * |
Busybox | Ubuntu | impish | * |
Busybox | Ubuntu | kinetic | * |
Busybox | Ubuntu | lunar | * |
Busybox | Ubuntu | mantic | * |
Busybox | Ubuntu | trusty | * |
Busybox | Ubuntu | trusty/esm | * |
Busybox | Ubuntu | upstream | * |
Busybox | Ubuntu | xenial | * |