Bug#1104009: busybox: CVE-2024-58251

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1104009: busybox: CVE-2024-58251
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 24 Apr 2025 08:46:18 +0200
Message-id: <[🔎] 174547717845.2152155.13380801198062781026.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1104009@bugs.debian.org

Source: busybox
Version: 1:1.37.0-4
Severity: important
Tags: security upstream
Forwarded: https://bugs.busybox.net/show_bug.cgi?id=15922
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for busybox.

CVE-2024-58251[0]:
| In netstat in BusyBox through 1.37.0, local users can launch of
| network application with an argv[0] containing an ANSI terminal
| escape sequence, leading to a denial of service (terminal locked up)
| when netstat is used by a victim.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-58251
    https://www.cve.org/CVERecord?id=CVE-2024-58251
[1] https://bugs.busybox.net/show_bug.cgi?id=15922

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply to:

Prev by Date: Re: Uploading linux (6.12.24-1)
Next by Date: Bug#1104008: busybox: CVE-2025-46394
Previous by thread: Processed: Re: Bug#1055307: busybox: CVE-2023-39810
Next by thread: Bug#1104008: busybox: CVE-2025-46394
Index(es):
- Date
- Thread