Fluid Attacks Database

Description

An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	busybox	=1:1.30.1-6 \|\| =1:1.30.1-6+deb11u1 \|\| =1:1.30.1-7 \|\| =1:1.35.0-1 \|\| =1:1.35.0-2 \|\| =1:1.35.0-2+hurd.1 \|\| =1:1.35.0-2+hurd.2 \|\| =1:1.35.0-3 \|\| =1:1.35.0-4 \|\| =1:1.36.0-1~exp1 \|\| =1:1.36.1-1 \|\| =1:1.36.1-2 \|\| =1:1.36.1-3 \|\| =1:1.36.1-3.1 \|\| =1:1.36.1-4 \|\| =1:1.36.1-5 \|\| =1:1.36.1-6 \|\| =1:1.36.1-6~exp.1 \|\| =1:1.36.1-7 \|\| =1:1.36.1-8 \|\| =1:1.36.1-9 \|\| =1:1.37.0-1 \|\| =1:1.37.0-10 \|\| =1:1.37.0-10.1 \|\| =1:1.37.0-2 \|\| =1:1.37.0-3 \|\| =1:1.37.0-4 \|\| =1:1.37.0-5 \|\| =1:1.37.0-6 \|\| =1:1.37.0-7 \|\| =1:1.37.0-8 \|\| =1:1.37.0-9	-
debian 12	busybox	=1:1.35.0-4 \|\| =1:1.35.0-4+deb12u1 \|\| =1:1.36.0-1~exp1 \|\| =1:1.36.1-1 \|\| =1:1.36.1-2 \|\| =1:1.36.1-3 \|\| =1:1.36.1-3.1 \|\| =1:1.36.1-4 \|\| =1:1.36.1-5 \|\| =1:1.36.1-6 \|\| =1:1.36.1-6~exp.1 \|\| =1:1.36.1-7 \|\| =1:1.36.1-8 \|\| =1:1.36.1-9 \|\| =1:1.37.0-1 \|\| =1:1.37.0-10 \|\| =1:1.37.0-10.1 \|\| =1:1.37.0-2 \|\| =1:1.37.0-3 \|\| =1:1.37.0-4 \|\| =1:1.37.0-5 \|\| =1:1.37.0-6 \|\| =1:1.37.0-7 \|\| =1:1.37.0-8 \|\| =1:1.37.0-9	-
debian 13	busybox	=1:1.37.0-10 \|\| =1:1.37.0-10.1 \|\| =1:1.37.0-6 \|\| =1:1.37.0-7 \|\| =1:1.37.0-8 \|\| =1:1.37.0-9	-
debian 14	busybox	=1:1.37.0-6 \|\| >=0 <1:1.37.0-7	1:1.37.0-7

Aliases

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.