CVE-2024-58251

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.

CVSS v3 2.5 LOW

2.5^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://bugs.busybox.net/show_bug.cgi?id=15922
https://www.busybox.net
https://www.busybox.net/downloads/
http://www.openwall.com/lists/oss-security/2025/04/23/6

Configurations

No configuration.

History

29 Apr 2025, 13:52

Type	Values Removed	Values Added
Summary		(es) En netstat en BusyBox hasta la versión 1.37.0, los usuarios locales pueden iniciar una aplicación de red con un argv[0] que contiene una secuencia de escape de terminal ANSI, lo que genera una denegación de servicio (terminal bloqueada) cuando una víctima utiliza netstat.

23 Apr 2025, 23:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2025/04/23/6 -

23 Apr 2025, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-23 18:16

Updated : 2025-04-29 13:52

NVD link : CVE-2024-58251

Mitre link : CVE-2024-58251

CVE.ORG link : CVE-2024-58251

JSON object : View

Products Affected

No product.

CWE

CWE-150

Improper Neutralization of Escape, Meta, or Control Sequences

2.5 /10