Forum: >>> Magnum BBS <<<

Bug#1104009: busybox: CVE-2024-58251

From Salvatore Bonaccorso@21:1/5 to All on Thu Apr 24 08:50:01 2025

XPost: linux.debian.maint.boot

Source: busybox
Version: 1:1.37.0-4
Severity: important
Tags: security upstream
Forwarded: https://bugs.busybox.net/show_bug.cgi?id=15922
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for busybox.

CVE-2024-58251[0]:
| In netstat in BusyBox through 1.37.0, local users can launch of
| network application with an argv[0] containing an ANSI terminal
| escape sequence, leading to a denial of service (terminal locked up)
| when netstat is used by a victim.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-58251
https://www.cve.org/CVERecord?id=CVE-2024-58251
[1] https://bugs.busybox.net/show_bug.cgi?id=15922

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	486
Nodes:	16 (2 / 14)
Uptime:	136:31:23
Calls:	9,657
Calls today:	5
Files:	13,707
Messages:	6,167,058