CVE-2022-48174

EUVD-2022-50885
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
Affected Products (NVD)
VendorProductVersion
debiandebian_linux
11.0
busyboxbusybox
𝑥
≤ 1.36.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
busybox
bookworm
postponed
bullseye
no-dsa
buster
no-dsa
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
busybox
bionic
Fixed 1:1.27.2-2ubuntu3.4+esm1
released
focal
Fixed 1:1.30.1-4ubuntu6.5
released
jammy
Fixed 1:1.30.1-7ubuntu3.1
released
lunar
ignored
mantic
ignored
noble
Fixed 1:1.36.1-6ubuntu3.1
released
trusty
Fixed 1:1.21.0-1ubuntu1.4+esm1
released
xenial
Fixed 1:1.22.0-15ubuntu1.4+esm2
released
Common Weakness Enumeration
References
https://bugs.busybox.net/show_bug.cgi?id=15216
https://bugs.busybox.net/show_bug.cgi?id=15216
https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html
https://security.netapp.com/advisory/ntap-20241129-0001/