Stack overflow vulnerability in ash.c:6030 in busybox before 1.35 can be executed from command to arbitrary code execution.

Brocade SANnav

1 more products

25414

13 February 2025

13 February 2025

CLOSED

LOW

9.8 -- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-48174

Brocade Security Advisory ID

 BSA-2025-2374

Component

 busybox

 

 

Summary 

BusyBox is vulnerable to memory corruption due to improper validation of user-supplied input. An attacker could exploit this to corrupt memory by tricking a victim into processing a crafted file to cause a stack-based buffer overflow. Further impacts may include serious confidentiality, integrity, and availability implications or the execution of arbitrary code.

 

Products Affected

Brocade ASCG versions before 3.0

 

Products Not Affected

Brocade Fabric OS
[VEX Justification: Vulnerable_code_cannot_be_contolled_by_adversary]

Brocade SANnav
[VEX Justification: Vulnerable_code_not_in_execute_path]

 

Solution

Security update provided in Brocade ASCG 3.0

While not exploitable, Security update provided in SANnav 2.3.1b and 2.4.0

 

Revision History

Version

Change

Date

1.0

Initial Publication

 February 13, 2025

 

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.