csaf_certbund - wid-sec-w-2025-0879

wid-sec-w-2025-0879

Vulnerability from csaf_certbund

Published

2025-04-23 22:00

Modified

2025-07-23 22:00

Summary

BusyBox: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

BusyBox ist ein Computerprogramm, das verschiedene Standard-Unix-Dienstprogramme in einem einzelnen Programm vereint.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in BusyBox ausnutzen, um einen Denial of Service Angriff durchzuführen und um Dateien zu manipulieren.

Betroffene Betriebssysteme

- Linux - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "niedrig"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "BusyBox ist ein Computerprogramm, das verschiedene Standard-Unix-Dienstprogramme in einem einzelnen Programm vereint.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in BusyBox ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und um Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0879 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0879.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0879 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0879"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-rrv5-483w-xmr9 vom 2025-04-23",
        "url": "https://github.com/advisories/GHSA-rrv5-483w-xmr9"
      },
      {
        "category": "external",
        "summary": "Busybox Bugtracker #15922 vom 2025-04-23",
        "url": "https://bugs.busybox.net/show_bug.cgi?id=15922"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-wp4q-9jq4-gv74 vom 2025-04-23",
        "url": "https://github.com/advisories/GHSA-wp4q-9jq4-gv74"
      },
      {
        "category": "external",
        "summary": "Busybox Bugtracker #16018 vom 2025-04-23",
        "url": "https://bugs.busybox.net/show_bug.cgi?id=16018"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K000152680 vom 2025-07-23",
        "url": "https://my.f5.com/manage/s/article/K000152680"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K000152678 vom 2025-07-23",
        "url": "https://my.f5.com/manage/s/article/K000152678"
      }
    ],
    "source_lang": "en-US",
    "title": "BusyBox: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-07-23T22:00:00.000+00:00",
      "generator": {
        "date": "2025-07-24T07:52:00.791+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-0879",
      "initial_release_date": "2025-04-23T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-04-23T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-07-23T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von F5 aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "F5 BIG-IP",
            "product": {
              "name": "F5 BIG-IP",
              "product_id": "T001663",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:big-ip:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=1.37.0",
                "product": {
                  "name": "Open Source BusyBox \u003c=1.37.0",
                  "product_id": "T043133"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=1.37.0",
                "product": {
                  "name": "Open Source BusyBox \u003c=1.37.0",
                  "product_id": "T043133-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "BusyBox"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-58251",
      "product_status": {
        "known_affected": [
          "T001663"
        ],
        "last_affected": [
          "T043133"
        ]
      },
      "release_date": "2025-04-23T22:00:00.000+00:00",
      "title": "CVE-2024-58251"
    },
    {
      "cve": "CVE-2025-46394",
      "product_status": {
        "known_affected": [
          "T001663"
        ],
        "last_affected": [
          "T043133"
        ]
      },
      "release_date": "2025-04-23T22:00:00.000+00:00",
      "title": "CVE-2025-46394"
    }
  ]
}

CVE-2024-58251 (GCVE-0-2024-58251)

Vulnerability from cvelistv5

Published

2025-04-23 00:00

Modified

2025-04-23 23:02

Severity ?

2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE

CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences

Summary

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.

References

►

URL

Tags

	https://www.busybox.net/downloads/
	https://www.busybox.net
	https://bugs.busybox.net/show_bug.cgi?id=15922

Impacted products

	Vendor	Product	Version
	BusyBox	BusyBox	Version: 0 ≤ 1.37.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-58251",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T18:35:32.203124Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T18:35:45.246Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-23T23:02:52.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/23/6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "BusyBox",
          "vendor": "BusyBox",
          "versions": [
            {
              "lessThanOrEqual": "1.37.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.37.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-150",
              "description": "CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-23T17:13:03.213Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.busybox.net/downloads/"
        },
        {
          "url": "https://www.busybox.net"
        },
        {
          "url": "https://bugs.busybox.net/show_bug.cgi?id=15922"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-58251",
    "datePublished": "2025-04-23T00:00:00.000Z",
    "dateReserved": "2025-04-23T00:00:00.000Z",
    "dateUpdated": "2025-04-23T23:02:52.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-46394 (GCVE-0-2025-46394)

Vulnerability from cvelistv5

Published

2025-04-23 00:00

Modified

2025-04-24 20:03

Severity ?

3.2 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE

CWE-451 - User Interface (UI) Misrepresentation of Critical Information

Summary

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.

References

►

URL

Tags

	https://bugs.busybox.net/show_bug.cgi?id=16018
	https://www.busybox.net/downloads/
	https://www.busybox.net

Impacted products

	Vendor	Product	Version
	BusyBox	BusyBox	Version: 0 ≤ 1.37.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46394",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:43:05.329877Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T15:43:19.302Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-24T20:03:24.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/23/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/24/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "BusyBox",
          "vendor": "BusyBox",
          "versions": [
            {
              "lessThanOrEqual": "1.37.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.37.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-451",
              "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-23T15:31:01.192Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.busybox.net/show_bug.cgi?id=16018"
        },
        {
          "url": "https://www.busybox.net/downloads/"
        },
        {
          "url": "https://www.busybox.net"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-46394",
    "datePublished": "2025-04-23T00:00:00.000Z",
    "dateReserved": "2025-04-23T00:00:00.000Z",
    "dateUpdated": "2025-04-24T20:03:24.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

wid-sec-w-2025-0879

Vulnerability from csaf_certbund

CVE-2024-58251 (GCVE-0-2024-58251)

Vulnerability from cvelistv5

CVE-2025-46394 (GCVE-0-2025-46394)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature