busybox (SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS package busybox, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2026-26158 — CVSS 7.0 (high): A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting…
CVE-2026-26157 — CVSS 7.0 (high): A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious…
CVE-2025-60876 — CVSS 6.5 (medium): BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the…
CVE-2023-42364 — CVSS 5.5 (medium): A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c…
CVE-2023-42365 — CVSS 5.5 (medium): A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
CVE-2023-42363 — CVSS 5.5 (medium): A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
CVE-2025-46394 — CVSS 3.2 (low): In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.