An incorrect handling of a special element in Busybox's ash applet before version 1.34.0 leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for denial service under rare conditions of filtered command input.
An incorrect handling of a special element in Busybox's ash applet before version 1.34.0 leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for denial service under rare conditions of filtered command input.
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/