What the vulnerability does

01Description

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function

Key dates

02Disclosure timeline

November 15, 2021 CVE published
November 3, 2025 Record updated