Prevent escape sequence from causing denial of service Potentially fixes issue #15922
From: Kyle Steere <kyle.ste...@chainguard.dev> Date: Thu, 21 Aug 2025 14:00:00 -0500 Subject: [PATCH] Fix CVE-2024-58251 - sanitize process names when calling netstat In BusyBox netstat, local users can launch a network application with an argv[0] containing ANSI terminal escape sequences, leading to a denial of service (terminal locked up) when netstat is used by a victim. This patch sanitizes the process name before storing it in the cache, replacing any non-printable characters (including escape sequences) with '?'. CVE-2024-58251: https://nvd.nist.gov/vuln/detail/CVE-2024-58251 Signed-off-by: Kyle Steere <kyle.ste...@chainguard.dev> --- networking/netstat.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/networking/netstat.c +++ b/networking/netstat.c @@ -316,7 +316,11 @@ static int FAST_FUNC dir_act(struct recursive_state *state, /* go through all files in /proc/PID/fd and check whether they are sockets */ strcpy(proc_pid_fname + len - (sizeof("cmdline")-1), "fd"); - pid_slash_progname = concat_path_file(pid, bb_basename(cmdline_buf)); /* "PID/argv0" */ + + /* Sanitize the program name to prevent ANSI escape sequences (CVE-2024-58251) */ + /* printable_string() returns a string with non-printable chars replaced by '?' */ + const char *sanitized_name = printable_string(bb_basename(cmdline_buf)); + pid_slash_progname = concat_path_file(pid, sanitized_name); /* "PID/argv0" */ n = recursive_action(proc_pid_fname, ACTION_RECURSE | ACTION_QUIET, add_to_prg_cache_if_socket, Kyle Steere Senior Software Engineer Chainguard kyle.ste...@chainguard.dev | chainguard.dev <http://www.chainguard.dev> <https://github.com/chainguard-dev> <https://www.linkedin.com/company/chainguard-dev/> <https://x.com/chainguard_dev>
_______________________________________________ busybox mailing list busybox@busybox.net https://lists.busybox.net/mailman/listinfo/busybox
