ID CVE-2021-42375
Summary An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
References
Vulnerable Configurations
  • cpe:2.3:a:busybox:busybox:1.33.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.33.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
CVSS
Base: 1.9 (as of 31-03-2022 - 16:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:N/I:N/A:P
Last major update 31-03-2022 - 16:29
Published 15-11-2021 - 21:15
Last modified 31-03-2022 - 16:29
Back to Top