A use-after-free vulnerability in BusyBox v.1.36.1 allows malicious users to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.
Debian Bug report logs -
#1059051
busybox: CVE-2023-42364
Package:
src:busybox;
Maintainer for src:busybox is Debian Install System Team <debian-boot@listsdebianorg>;
Reported by: Moritz Mühlenhoff <jmm@inutilorg>
Date: Tue, 19 Dec 2023 21:21:05 UTC
Severity: important
Tags: security, upstream
Forwarded to ht ...
DescriptionThe MITRE CVE dictionary describes this issue as: A use-after-free vulnerability in BusyBox v1361 allows attackers to cause a denial of service via a crafted awk pattern in the awkc evaluate function ...