CVE-2021-42379

7.2 HIGH

📋 TL;DR

CVE-2021-42379 is a use-after-free vulnerability in BusyBox's awk applet that can be triggered by processing a specially crafted awk pattern. This could lead to denial of service or potentially remote code execution. It affects systems using vulnerable versions of BusyBox with the awk applet enabled.

💻 Affected Systems

Products:
  • BusyBox
Versions: prior to 1.34.0
Operating Systems: Linux distributions with BusyBox, Embedded systems, IoT devices
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable if the awk applet is compiled into BusyBox (it's commonly included).

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the BusyBox process, potentially leading to full system compromise.

🟠 Likely Case: Denial of service causing BusyBox to crash when processing malicious awk input.

🟢 If Mitigated: Limited impact if BusyBox runs with minimal privileges and proper input validation is in place.

🌐 Internet-Facing: MEDIUM - Exploitation requires processing attacker-controlled awk patterns, which could occur through web applications or network services using BusyBox awk.
🏢 Internal Only: MEDIUM - Similar risk internally if systems process untrusted awk patterns from internal sources.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires getting the target to process a malicious awk pattern, which may require social engineering or other attack vectors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: BusyBox 1.34.0 and later

Vendor Advisory: https://git.busybox.net/busybox/commit/?id=bd4c42a69c5c

Restart Required: No

Instructions:

1. Update BusyBox to version 1.34.0 or later.
2. For embedded systems, update the firmware or rebuild BusyBox with the patched version.
3. Verify the update by checking the BusyBox version.

🔧 Temporary Workarounds

Disable awk applet (linux)

Remove or disable the awk applet from BusyBox if not needed.

Recompile BusyBox without awk support: make menuconfig (deselect awk under 'Miscellaneous Utilities')

Input validation (all)

Validate and sanitize awk patterns before passing to BusyBox awk.

🧯 If You Can't Patch

  • Restrict access to systems using BusyBox awk to trusted users only.
  • Implement network segmentation to isolate vulnerable systems from untrusted networks.

🔍 How to Verify

Check if Vulnerable:

Run 'busybox awk --version' or 'busybox | grep awk' to check if awk is included, then check BusyBox version.

Check Version:

busybox --version

Verify Fix Applied:

Verify BusyBox version is 1.34.0 or later with 'busybox --version'.
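
The two checks above (is awk compiled in, and is the version below 1.34.0) combined into one script, as an added example that is not from this advisory or the BusyBox project. It assumes the banner line and comma-separated applet listing that `busybox` prints when run without arguments; the function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a BusyBox build against this advisory's criteria
# (version prior to 1.34.0 AND the awk applet compiled in).
FIXED_VERSION="1.34.0"   # "Patch Version" stated in the advisory

# Pull "X.Y.Z" out of a banner line like "BusyBox v1.33.1 (...) multi-call binary."
bb_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^BusyBox v\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' | head -n 1
}

# Return 0 if dotted version $1 is strictly lower than $2 (numeric, per field).
version_lt() {
    a=$1 b=$2
    for i in 1 2 3; do
        x=${a%%.*} y=${b%%.*}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 1
}

# Return 0 if "awk" is listed as a whole applet name (not e.g. "gawk").
# Accepts comma-, space- or newline-separated applet listings.
has_awk_applet() {
    printf '%s\n' "$1" | tr ', \t' '\n\n\n' | grep -qx 'awk'
}

# Print "affected", "not-affected" or "unknown" for a banner plus applet listing.
assess_busybox() {
    ver=$(bb_version_from_banner "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    if version_lt "$ver" "$FIXED_VERSION" && has_awk_applet "$2"; then
        echo affected
    else
        echo not-affected
    fi
}

# Constructed sample input (not captured from a real device).
SAMPLE_BANNER='BusyBox v1.33.1 (2021-06-07 17:33:50 UTC) multi-call binary.'
SAMPLE_APPLETS='arch, ash, awk, base64, basename, cat, chmod'
assess_busybox "$SAMPLE_BANNER" "$SAMPLE_APPLETS"
```

A distribution package may carry a backported fix under an older version number, so treat "affected" as a prompt to check the vendor's changelog rather than as a final verdict.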

📡 Detection & Monitoring

Log Indicators:

  • BusyBox crash logs
  • Segmentation fault errors involving awk

Network Indicators:

  • Unusual network traffic to services using BusyBox awk

SIEM Query:

source="*busybox*" AND ("segmentation fault" OR "crash" OR "awk")
