What the vulnerability does

01Description

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.

Key dates

02Disclosure timeline

November 15, 2021 CVE published
April 23, 2025 Record updated