Improper Neutralization of Escape, Meta, or Control Sequences

CVE-2024-58251

Low

2.5/10

Summary

In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: LOW

CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences

The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component.

References

Advisory Timeline

Published Apr 23, 2025

Improper Neutralization of Escape, Meta, or Control Sequences

CVE-2024-58251

Summary

CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS