Vulnerability - CVE-2023-42366

Name

CVE-2023-42366

Source

NVD ( link)Debian ( link)

Description

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

CWEs

CWE-787

Published Date

Nov 27, 2023

Updated Date

Jun 17, 2026

Workaround

Advisories

https://bugs.busybox.net/show_bug.cgi?id=15874Exploit

Analysis#

Affected Component

Analysis

busybox

Patched

Vulnerability Rating#

5.5

CVSSv31

Others affected components#

Name

Project

Project Version

Version

Status

busybox

buildroot

2025.02.x

1.37.0

Not Affected

busybox

buildroot

master

1.38.0

Not Affected

busybox

openwrt

master

1.38.0-r2

Not Affected

busybox

openwrt

openwrt-25.12

1.37.0-r6

Not Affected

busybox

yocto

kirkstone

1.35.0

Patched

busybox

yocto

master

1.38.0

Not Affected

Resolved with patches#

busybox (buildroot:2025.02.x)

Title

Author

Resolve

awk.c: fix CVE-2023-42366 (bug #15874)

Valery Ushakov <uwe@stderr.spb.ru>

CVE-2023-42366

busybox (buildroot:master)

Title

Author

Resolve

awk.c: fix CVE-2023-42366 (bug #15874)

Valery Ushakov <uwe@stderr.spb.ru>

CVE-2023-42366

busybox (yocto:kirkstone)

Title

Author

Resolve

awk.c: fix CVE-2023-42366 (bug #15874)

Valery Ushakov <uwe@stderr.spb.ru>

CVE-2023-42366

busybox (yocto:scarthgap)

Title

Author

Resolve

awk.c: fix CVE-2023-42366 (bug #15874)

Valery Ushakov <uwe@stderr.spb.ru>

CVE-2023-42366