CNNVD-202511-914 Information

CNNVD ID

CNNVD-202511-914

Related CVE

CVE-2025-60876

• CNNVD Published: 2025-11-10

Description (Chinese)

BusyBox是乌克兰Denis Vlasenko个人开发者的一套包含了多个linux命令和工具的应用程序。 BusyBox 1.3.7及之前版本存在安全漏洞，该漏洞源于HTTP请求目标中接受原始CR和LF等C0控制字节，可能导致请求行拆分和攻击者控制标头注入。

Description (English)

BusyBox is a set of applications by Ukrainian individual Denis Vlasenko that contain a number of Linux commands and tools. BusyBox 1.3.7 and previous versions contain a security loophole, which stems from the acceptance of the original C0 control bytes, such as CR and LF, in the HTTP requested target, which may lead to the request for split and the attacker ’ s control point injection.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-10

Last Modified

2026-02-24

References

https://gist.github.com/subyumatest/41554af6a72aedaacaec026adc311092 https://lists.busybox.net/pipermail/busybox/attachments/20250823/ccdc96ef/attachment-0001.htm https://lists.busybox.net/pipermail/busybox/attachments/20250828/e7f90492/attachment.htm