What the vulnerability does

01Description

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.

Key dates

02Disclosure timeline

November 15, 2021 CVE published
August 4, 2024 Record updated