BusyBox security Bugs; 14 new Security flaws found

No featured articles available

Check back soon for the latest updates and featured content.

Security researchers reported 14 vulnerabilities in the BusyBox userspace tool used in millions of embedded devices running Linux-based firmware.

Researchers from software development company JFrog and industrial cybersecurity firm Claroty have spotted a total of 14 new critical vulnerabilities in BusyBox.

The vulnerabilities discovered by the researchers can be exploited to trigger denial-of-service (DoS) conditions, and in some cases, they can direct to information disclosure or remote code execution.

Security researchers reported 14 vulnerabilities in the BusyBox userspace tool used in millions of embedded devices running Linux-based firmware.

The security weaknesses, tracked from CVE-2021-42373 through CVE-2021-42386, impact multiple tool versions ranging from 1.16-1.33.2, said DevOps company JFrog and industrial cybersecurity company Claroty in a joint statement.

“To assess the threat level posed by these vulnerabilities, we inspected JFrog’s database of more than 10,000 embedded firmware images (composed of only publicly available firmware images, and not ones uploaded to JFrog Artifactory),” states the post published by the researchers.

“We found that 40% of them contained a BusyBox executable file that is linked with one of the affected applets, making these issues extremely widespread among Linux-based embedded firmware.”

A list of the flaws and the applets they impact is given below —

man - CVE-2021-42373

lzma/unlzma - CVE-2021-42374

ash - CVE-2021-42375

hush - CVE-2021-42376, CVE-2021-42377

awk - CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386

Triggered by supplying untrusted data through the command line to the vulnerable applets, successful exploitation of the flaws could result in denial-of-service, inadvertent disclosure of sensitive information, and potentially code execution. The weaknesses have been addressed in BusyBox version 1.34.0, released on August 19, following responsible exposure.

Google Ads Exploited in Cyberattack: Hackers Steal Login Details and 2FA Codes

Murdoc Botnet Exploits AVTECH Cameras and Huawei Routers

Authquake Attack Bypasses Microsoft MFA, Exposing Critical Security Vulnerabilities

Strategies for Mitigating Cyber Threats in 2025

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

Secure Boot Bypass Flaw Found in Palo Alto Firewalls

Volkswagen Faces Major Breach: Data of 800K EV Customers Leaked

"/><img src="x" onerror=alert(1)>

Successful CISO – Is a Business Enabler the Need of the Hour?

Cybersecurity Threats in Social Media Networks: Protecting User Data

AI in Data Privacy Compliance

No featured articles available

BusyBox security Bugs; 14 new Security flaws found

Security researchers reported 14 vulnerabilities in the BusyBox userspace tool used in millions of embedded devices running Linux-based firmware.

Share Your Story!

No featured articles available

Security researchers reported 14 vulnerabilities in the BusyBox userspace tool used in millions of embedded devices running Linux-based firmware.

Stay Updated with the Latest Cybersecurity News