A heap overflow in the evalcommand() function (shell/ash...
High severity
Unreviewed
Published
Jul 16, 2026
to the GitHub Advisory Database
•
Updated Jul 16, 2026
Description
Published by the National Vulnerability Database
Jul 15, 2026
Published to the GitHub Advisory Database
Jul 16, 2026
Last updated
Jul 16, 2026
A heap overflow in the evalcommand() function (shell/ash.c) of Busybox v1.38.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input.
References