What is CVE-2021-42375?

CVE-2021-42375 is a vulnerability in Busybox, classified under CWE-159. Published 2021-11-15.

Is CVE-2021-42375 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Busybox

CVE-2021-42375

An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under r…

EPSS: 0.001 (19.3th percentile) — read the EPSS interpretation.

Affected products

Busybox — versions unspecified

Weakness classification (CWE)

CWE-159

Public proof-of-concept exploits

isgo-golgo13/gokit-gorillakit-enginesvc

References

jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and…
FEDORA-2021-5a95823596 (vendor-advisory)
FEDORA-2021-c52c0fe490 (vendor-advisory)
security.netapp.com/advisory/ntap-20211223-0002/
claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-cl…

Frequently asked questions

What is CVE-2021-42375?: CVE-2021-42375 is a vulnerability in Busybox, classified under CWE-159. Published 2021-11-15.
Is CVE-2021-42375 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.