diff --git a/backport-CVE-2024-58251.patch b/backport-CVE-2024-58251.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f3c7454482ff2993a69fe4959f4897bb8d3e53ad
--- /dev/null
+++ b/backport-CVE-2024-58251.patch
@@ -0,0 +1,40 @@
+From 7bf400d5b8d9c68595ac18e50c8234aba0409deb Mon Sep 17 00:00:00 2001
+From: Kyle Steere
+Date: Wed, 17 Sep 2025 10:02:31 +0800
+Subject: [PATCH] Fix CVE-2024-58251 - sanitize process names when
+ calling netstat
+
+In BusyBox netstat, local users can launch a network application with an
+argv[0] containing ANSI terminal escape sequences, leading to a denial of
+service (terminal locked up) when netstat is used by a victim.
+
+This patch sanitizes the process name before storing it in the cache,
+replacing any non-printable characters (including escape sequences) with
+'?'.
+
+CVE-2024-58251: https://nvd.nist.gov/vuln/detail/CVE-2024-58251
+
+Signed-off-by: Kyle Steere
+---
+ networking/netstat.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/networking/netstat.c b/networking/netstat.c
+index 807800a..5ed8fc6 100644
+--- a/networking/netstat.c
++++ b/networking/netstat.c
+@@ -316,7 +316,11 @@ static int FAST_FUNC dir_act(struct recursive_state *state,
+
+ /* go through all files in /proc/PID/fd and check whether they are sockets */
+ strcpy(proc_pid_fname + len - (sizeof("cmdline")-1), "fd");
+- pid_slash_progname = concat_path_file(pid, bb_basename(cmdline_buf)); /* "PID/argv0" */
++
++ /* Sanitize the program name to prevent ANSI escape sequences(CVE-2024-58251) */
++ /* printable_string() returns a string with non-printable chars replaced by '?' */
++ const char *sanitized_name = printable_string(bb_basename(cmdline_buf));
++ pid_slash_progname = concat_path_file(pid, sanitized_name); /* "PID/argv0" */
+ n = recursive_action(proc_pid_fname,
+ ACTION_RECURSE | ACTION_QUIET,
+ add_to_prg_cache_if_socket,
+--
+2.12.3
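Review bot: `const char *sanitized_name` is declared after the `strcpy()` statement, in the middle of the block, which mixes declarations and code; a build that uses `-Wdeclaration-after-statement` would warn here (the page does not show the flags in use). The local is used once, so the call can be folded into the existing line: `pid_slash_progname = concat_path_file(pid, printable_string(bb_basename(cmdline_buf))); /* "PID/argv0" */`. The two new comments could become one, with a space before the CVE id: `/* argv[0] is untrusted: replace non-printable bytes with '?' (CVE-2024-58251) */`. dir_act()'s body starts and ends outside the hunk, so who owns the pointer returned by printable_string(), and whether concat_path_file() copies it before the next call, cannot be confirmed from here.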
diff --git a/busybox.spec b/busybox.spec index d38664555a1bee8174825a76cf6e2abfddab567d..52cba16c851cfd889baabf70a0bc57777d7147eb 100644 --- a/busybox.spec +++ b/busybox.spec @@ -4,7 +4,7 @@ %endif %if "%{!?RELEASE:1}" -%define RELEASE 25 +%define RELEASE 26 %endif Epoch: 1 @@ -29,6 +29,7 @@ Patch6005: backport-CVE-2023-42364-CVE-2023-42365.patch Patch6006: backport-CVE-2023-42366.patch Patch6007: backport-CVE-2023-39810.patch Patch6008: backport-CVE-2025-46394.patch +Patch6009: backport-CVE-2024-58251.patch BuildRoot: %_topdir/BUILDROOT #Dependency @@ -104,6 +105,12 @@ install -m 644 docs/busybox.dynamic.1 $RPM_BUILD_ROOT/%{_mandir}/man1/busybox.1 %{_mandir}/man1/busybox.petitboot.1.gz %changelog +* Thu Sep 18 2025 dongyuzhen - 1:1.34.1-26 +- Type:CVE +- Id:NA +- SUG:NA +- DESC:fix CVE-2024-58251 + * Fri Jul 18 2025 dongyuzhen - 1:1.34.1-25 - Type:CVE - Id:NA