From 220effe542c798f127746cfc258dcf3f1ec1f24c Mon Sep 17 00:00:00 2001
From: ch_r
Date: Wed, 17 Sep 2025 08:39:04 +0000
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8DCVE-2024-58251?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: ch_r
---
 backport-CVE-2024-58251.patch | 40 +++++++++++++++++++++++++++++++++++
 busybox.spec | 9 +++++++-
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-58251.patch
diff --git a/backport-CVE-2024-58251.patch b/backport-CVE-2024-58251.patch
new file mode 100644
index 0000000..90896b5
--- /dev/null
+++ b/backport-CVE-2024-58251.patch
@@ -0,0 +1,40 @@
+From 7bf400d5b8d9c68595ac18e50c8234aba0409deb Mon Sep 17 00:00:00 2001
+From: Kyle Steere
+Date: Wed, 17 Sep 2025 10:02:31 +0800
+Subject: [PATCH] Fix CVE-2024-58251 - sanitize process names when
+ calling netstat
+
+In BusyBox netstat, local users can launch a network application with an
+argv[0] containing ANSI terminal escape sequences, leading to a denial of
+service (terminal locked up) when netstat is used by a victim.
+
+This patch sanitizes the process name before storing it in the cache,
+replacing any non-printable characters (including escape sequences) with
+'?'.
+
+CVE-2024-58251: https://nvd.nist.gov/vuln/detail/CVE-2024-58251
+
+Signed-off-by: Kyle Steere
+---
+ networking/netstat.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/networking/netstat.c b/networking/netstat.c
+index 807800a..5ed8fc6 100644
+--- a/networking/netstat.c
++++ b/networking/netstat.c
+@@ -316,7 +316,11 @@ static int FAST_FUNC dir_act(struct recursive_state *state,
+
+ /* go through all files in /proc/PID/fd and check whether they are sockets */
+ strcpy(proc_pid_fname + len - (sizeof("cmdline")-1), "fd");
+- pid_slash_progname = concat_path_file(pid, bb_basename(cmdline_buf)); /* "PID/argv0" */
++
++ /* Sanitize the program name to prevent ANSI escape sequences(CVE-2024-58251) */
++ /* printable_string() returns a string with non-printable chars replaced by '?' */
++ const char *sanitized_name = printable_string(bb_basename(cmdline_buf));
++ pid_slash_progname = concat_path_file(pid, sanitized_name); /* "PID/argv0" */
+ n = recursive_action(proc_pid_fname,
+ ACTION_RECURSE | ACTION_QUIET,
+ add_to_prg_cache_if_socket,
+--
+2.12.3
\ No newline at end of file
diff --git a/busybox.spec b/busybox.spec
index 036492c..6f913a0 100644
--- a/busybox.spec
+++ b/busybox.spec
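Review bot: In the embedded netstat.c hunk, `const char *sanitized_name` is declared after the `strcpy()` statement in the middle of dir_act's block, which the BusyBox tree normally builds with -Wdeclaration-after-statement (worth confirming against its Makefile.flags), so the temporary is better dropped: `pid_slash_progname = concat_path_file(pid, printable_string(bb_basename(cmdline_buf))); /* "PID/argv0" */`. The comment should also record that the pointer returned by printable_string() is only borrowed and is copied by concat_path_file() immediately, for example `/* result may be a temporary buffer; concat_path_file() copies it at once */`. dir_act starts and ends outside the hunk, so the NUL-termination of cmdline_buf before this call cannot be checked from here.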
@@ -1,7 +1,7 @@
 Name: busybox
 Epoch: 1
 Version: 1.36.1
-Release: 11
+Release: 12
 Summary: The Swiss Army Knife of Embedded Linux
 License: GPL-2.0-only
 URL: https://www.busybox.net
@@ -19,6 +19,7 @@ Patch6003: backport-CVE-2023-42364-CVE-2023-42365.patch
 Patch6004: backport-CVE-2023-42366.patch
 Patch6005: backport-CVE-2023-39810.patch
 Patch6006: backport-CVE-2025-46394.patch
+Patch6007: backport-CVE-2024-58251.patch
 
 #Dependency
 BuildRequires: gcc glibc-static
@@ -90,6 +91,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1
 %{_mandir}/man1/busybox.petitboot.1*
 
 %changelog
+* Wed Sep 17 2025 renchunhui - 1:1.36.1-12
+- Type:CVE
+- Id:NA
+- SUG:NA
+- DESC:fix CVE-2024-58251
+
 * Fri Jul 18 2025 dongyuzhen - 1:1.36.1-11
 - Type:CVE
 - Id:NA
-- 
Gitee