Bug#1104009: busybox: CVE-2024-58251
Source: busybox
Version: 1:1.37.0-4
Severity: important
Tags: security upstream
Forwarded: https://bugs.busybox.net/show_bug.cgi?id=15922
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Hi,
The following vulnerability was published for busybox.
CVE-2024-58251[0]:
| In netstat in BusyBox through 1.37.0, local users can launch of
| network application with an argv[0] containing an ANSI terminal
| escape sequence, leading to a denial of service (terminal locked up)
| when netstat is used by a victim.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-58251
https://www.cve.org/CVERecord?id=CVE-2024-58251
[1] https://bugs.busybox.net/show_bug.cgi?id=15922
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Reply to: