CVE-2021-42384: 
NixOS vulnerability analysis and mitigation

CVE-2021-42384 is a use-after-free vulnerability discovered in BusyBox's awk applet that affects versions 1.18.0 through 1.33.1. The vulnerability was discovered by researchers from Claroty's Team82 and JFrog, and was disclosed in November 2021. The issue occurs when processing a crafted awk pattern in the handle_special function (Claroty Research, JFrog Blog).

The vulnerability is rated with a CVSS v3.1 Base Score of 7.2 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. The issue specifically occurs in the awk applet's handle_special function when processing specially crafted awk patterns. The vulnerability can only be triggered if the attacker can supply an arbitrary pattern to awk as the first positional argument (NVD, Claroty Research).

When successfully exploited, this vulnerability can lead to denial of service conditions and potentially remote code execution. The impact is somewhat mitigated by the fact that applets typically run as separate forked processes. However, in environments where awk patterns can be controlled by external input, the risk is more significant (JFrog Blog).

The vulnerability has been fixed in BusyBox version 1.34.0. For systems unable to upgrade, a workaround is available by compiling BusyBox without the vulnerable awk functionality by commenting out CONFIG_AWK=y in the configuration file. Organizations are strongly encouraged to upgrade to version 1.34.0 or later to address this and other related vulnerabilities (JFrog Blog).