Security context

What an agent needs to avoid regressing past fixes and find the next vuln in this repo.

mirror/busybox
master @ 371fe9f
113
Fixes
0
CVEs
HIGH
Peak severity
Highlights
Buffer Overflow: 32 prior fixes. Scrutinize any change in this area.
shell/ash.c: most-fixed (8 issues). Treat as high-risk during review.
53 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns

The bug types that recur here, drawn from past fixes, not open vulnerabilities.

Use After Free: Evaluations of nested field assignments can trigger reallocation of the global Fields array, leaving existing pointers stale and leading to remote code execution or denial of service.
Path Traversal: During archive extraction, processing of nested directory paths, absolute target paths, or parent directory references ('..') inside symbolic links allows attackers to write files outside of the intended destination.
Authentication Bypass: Flaws in shadow password file lookups, such as ignoring NULL result pointers from getspnam_r or missing fallback verification, can allow unauthorized users to authenticate with blank or unvalidated passwords.