Published: 03/04/2022 Updated: 11/08/2022

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 606

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

BusyBox up to and including 1.35.0 allows remote malicious users to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
busybox busybox

Debian Bug report logs - #1010264 CVE-2022-28391 Package: src:busybox; Maintainer for src:busybox is Debian Install System Team <debian-boot@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 27 Apr 2022 11:57:03 UTC Severity: important Tags: security, upstream Reply or subscribe to ...

Debian Bug report logs - #1010263 CVE-2022-1304 Package: e2fsprogs; Maintainer for e2fsprogs is Theodore Y Ts'o <tytso@mitedu>; Source for e2fsprogs is src:e2fsprogs (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 27 Apr 2022 11:57:01 UTC Severity: important Tags: security, upstre ...

An escape sequence injection attack was found in BusyBox on Alpine For this issue to occur, a remote host's virtual terminal must contain an escape sequence, and the victim must then execute netstat This flaw allows an attacker can inject arbitrary code, leading to a loss of integrity (CVE-2022-28391) ...

Workshop docker-compose about security concern on container

Workshop for introduce container security This repository is provided for learning about platform that report vulnerabilities in container image Prerequisite docker docker-compose How to use container cli Image base on Anchore-cli version 093, you can read Dockerfile in following FROM python:310-alpine315 LABEL Developer="Start" LABEL Platform="DevSecOps&

Dockerfile for local use FSWiki (FreeStyleWiki) with Markdown Plugin, CSP (Content Security Policy), and LaTeX/MathML rendering using MathJax.

Dockerfile and docker-composeyml for local use FSWiki 日本語 FSWiki (FreeStyleWiki) is a Wiki clone written in Perl (and JavaScript) Features This Dockerfile is to launch FSWiki enabling: CSP (Content Security Policy) protected Markdown Plugin (available Markdown syntax (in Japanese)) LaTeX (and MathML) rendering using MathJax Restriction of access only from localhost

crypto devops test

Crypto Devops Test 1 Dockerize: Write a Dockerfile to run Cosmos Gaia v710 (githubcom/cosmos/gaia) in a container It should download the source code, build it and run without any modifiers (ie docker run somerepo/gaia:v710 should run the daemon) as well as print its output to the console The build should be security conscious (and ideally pass a container imag

NVD-CWE-noinfo https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661 https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010264 https://github.com/StartloJ/lab_container_security https://alas.aws.amazon.com/ALAS-2022-1608.html

CVE-2022-28391

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect