Busybox bugs uncovered?

https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
Found this today, is our busybox affected by these bugs?

From the article your linked:

All vulnerabilities were privately disclosed and fixed by BusyBox in version 1.34.0

We are using 1.34.1 on master.

But in the 21.02 we still have 1.33.1

2 Likes

Also that bugs can be exploited when users have shell access to OpenWrt.

But since almost all of devices comes with one user mostly root, then you're saved.

3 Likes

And how many users do actually use master or will ever consider using the master?
That only mean something in a couple of years when todays master is a release.

What I meant with this post was that I guess the question from the general public users will sooner or later be if 21.02 will be upgraded or left as it is?