CVE-2022-48174

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
busyboxbusybox
𝑥
≤ 1.36.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
busybox
bullseye
no-dsa
bookworm
postponed
buster
no-dsa
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
busybox
noble
Fixed 1:1.36.1-6ubuntu3.1
released
mantic
ignored
lunar
ignored
jammy
Fixed 1:1.30.1-7ubuntu3.1
released
focal
Fixed 1:1.30.1-4ubuntu6.5
released
bionic
Fixed 1:1.27.2-2ubuntu3.4+esm1
released
xenial
Fixed 1:1.22.0-15ubuntu1.4+esm2
released
trusty
Fixed 1:1.21.0-1ubuntu1.4+esm1
released
Common Weakness Enumeration
References
https://bugs.busybox.net/show_bug.cgi?id=15216
https://bugs.busybox.net/show_bug.cgi?id=15216
https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html
https://security.netapp.com/advisory/ntap-20241129-0001/