diff --git a/package/busybox/0003-awk-fix-use-after-free-CVE-2022-30065.patch b/package/busybox/0003-awk-fix-use-after-free-CVE-2022-30065.patch
deleted file mode 100644
index f9bfee328e..0000000000
--- a/package/busybox/0003-awk-fix-use-after-free-CVE-2022-30065.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From e06b1f0839972cc3f5b432849d574d14a8f17613 Mon Sep 17 00:00:00 2001
-From: Natanael Copa
-Date: Fri, 17 Jun 2022 17:45:34 +0200
-Subject: [PATCH] awk: fix use after free (CVE-2022-30065)
-
-fixes https://bugs.busybox.net/show_bug.cgi?id=14781
-
-function old new delta
-evaluate 3343 3357 +14
-
-Signed-off-by: Natanael Copa
-Signed-off-by: Denys Vlasenko
-Backport: https://git.busybox.net/busybox/commit/?id=e63d7cdfdac78c6fd27e9e63150335767592b85e
-[straightforward conflict resolution in testsuite/awk.tests]
-Signed-off-by: Quentin Schulz
----
- editors/awk.c | 3 +++
- testsuite/awk.tests | 6 ++++++
- 2 files changed, 9 insertions(+)
-
-diff --git a/editors/awk.c b/editors/awk.c
-index f6314ac72..654cbac33 100644
---- a/editors/awk.c
-+++ b/editors/awk.c
-@@ -3114,6 +3114,9 @@ static var *evaluate(node *op, var *res)
-
- case XC( OC_MOVE ):
- debug_printf_eval("MOVE\n");
-+ /* make sure that we never return a temp var */
-+ if (L.v == TMPVAR0)
-+ L.v = res;
- /* if source is a temporary string, jusk relink it to dest */
- if (R.v == TMPVAR1
- && !(R.v->type & VF_NUMBER)
-diff --git a/testsuite/awk.tests b/testsuite/awk.tests
-index bcaafe8fd..156aa65eb 100755
---- a/testsuite/awk.tests
-+++ b/testsuite/awk.tests
-@@ -469,4 +469,10 @@ testing 'awk printf %% prints one %' \
- "%\n" \
- '' ''
-
-+testing 'awk assign while test' \
-+ "awk '\$1==\$1=\"foo\" {print \$1}'" \
-+ "foo\n" \
-+ "" \
-+ "foo"
-+
- exit $FAILCOUNT
---
-2.37.3
-
diff --git a/package/busybox/0004-libbb-sockaddr2str-ensure-only-printable-characters-.patch b/package/busybox/0003-libbb-sockaddr2str-ensure-only-printable-characters-.patch
similarity index 100%
rename from package/busybox/0004-libbb-sockaddr2str-ensure-only-printable-characters-.patch
rename to package/busybox/0003-libbb-sockaddr2str-ensure-only-printable-characters-.patch
diff --git a/package/busybox/0005-nslookup-sanitize-all-printed-strings-with-printable.patch b/package/busybox/0004-nslookup-sanitize-all-printed-strings-with-printable.patch
similarity index 100%
rename from package/busybox/0005-nslookup-sanitize-all-printed-strings-with-printable.patch
rename to package/busybox/0004-nslookup-sanitize-all-printed-strings-with-printable.patch
diff --git a/package/busybox/busybox.config b/package/busybox/busybox.config
index e7f628ca6d..4826fb8242 100644
--- a/package/busybox/busybox.config
+++ b/package/busybox/busybox.config
@@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit -# Busybox version: 1.35.0 -# Thu Jan 27 10:16:54 2022 +# Busybox version: 1.36.0 +# Tue Feb 7 12:34:02 2023 # CONFIG_HAVE_DOT_CONFIG=y
@@ -93,6 +93,9 @@ CONFIG_FEATURE_BUFFERS_USE_MALLOC=y # CONFIG_FEATURE_BUFFERS_GO_IN_BSS is not set CONFIG_PASSWORD_MINLEN=6 CONFIG_MD5_SMALL=1 +CONFIG_SHA1_SMALL=3 +CONFIG_SHA1_HWACCEL=y +CONFIG_SHA256_HWACCEL=y CONFIG_SHA3_SMALL=1 CONFIG_FEATURE_NON_POSIX_CP=y # CONFIG_FEATURE_VERBOSE_CP_MESSAGE is not set
@@ -123,6 +126,9 @@ CONFIG_LAST_SUPPORTED_WCHAR=0 # CONFIG_UNICODE_BIDI_SUPPORT is not set # CONFIG_UNICODE_NEUTRAL_TABLE is not set # CONFIG_UNICODE_PRESERVE_BROKEN is not set +# CONFIG_LOOP_CONFIGURE is not set +# CONFIG_NO_LOOP_CONFIGURE is not set +CONFIG_TRY_LOOP_CONFIGURE=y # # Applets
@@ -338,6 +344,7 @@ CONFIG_FEATURE_TR_CLASSES=y CONFIG_FEATURE_TR_EQUIV=y CONFIG_TRUE=y CONFIG_TRUNCATE=y +CONFIG_TSORT=y CONFIG_TTY=y CONFIG_UNAME=y CONFIG_UNAME_OSNAME="GNU/Linux"
@@ -520,7 +527,7 @@ CONFIG_FEATURE_SHADOWPASSWDS=y # CONFIG_USE_BB_PWD_GRP is not set # CONFIG_USE_BB_SHADOW is not set CONFIG_USE_BB_CRYPT=y -# CONFIG_USE_BB_CRYPT_SHA is not set +CONFIG_USE_BB_CRYPT_SHA=y # CONFIG_ADD_SHELL is not set # CONFIG_REMOVE_SHELL is not set CONFIG_ADDGROUP=y
@@ -811,10 +818,10 @@ CONFIG_FEATURE_LESS_TRUNCATE=y CONFIG_FEATURE_LESS_REGEXP=y # CONFIG_FEATURE_LESS_WINCH is not set # CONFIG_FEATURE_LESS_ASK_TERMINAL is not set -# CONFIG_FEATURE_LESS_DASHCMD is not set +CONFIG_FEATURE_LESS_DASHCMD=y # CONFIG_FEATURE_LESS_LINENUMS is not set -# CONFIG_FEATURE_LESS_RAW is not set -# CONFIG_FEATURE_LESS_ENV is not set +CONFIG_FEATURE_LESS_RAW=y +CONFIG_FEATURE_LESS_ENV=y CONFIG_LSSCSI=y CONFIG_MAKEDEVS=y # CONFIG_FEATURE_MAKEDEVS_LEAF is not set
@@ -831,10 +838,12 @@ CONFIG_PARTPROBE=y # CONFIG_RFKILL is not set CONFIG_RUNLEVEL=y # CONFIG_RX is not set +CONFIG_SEEDRNG=y CONFIG_SETFATTR=y CONFIG_SETSERIAL=y CONFIG_STRINGS=y CONFIG_TIME=y +CONFIG_TREE=y CONFIG_TS=y # CONFIG_TTYSIZE is not set # CONFIG_UBIATTACH is not set
@@ -1007,6 +1016,7 @@ CONFIG_UDHCPC=y CONFIG_FEATURE_UDHCPC_ARPING=y CONFIG_FEATURE_UDHCPC_SANITIZEOPT=y CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script" +CONFIG_UDHCPC6_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script" # CONFIG_UDHCPC6 is not set # CONFIG_FEATURE_UDHCPC6_RFC3646 is not set # CONFIG_FEATURE_UDHCPC6_RFC4704 is not set
@@ -1141,6 +1151,7 @@ CONFIG_ASH_IDLE_TIMEOUT=y CONFIG_ASH_ECHO=y CONFIG_ASH_PRINTF=y CONFIG_ASH_TEST=y +CONFIG_ASH_SLEEP=y CONFIG_ASH_HELP=y CONFIG_ASH_GETOPTS=y CONFIG_ASH_CMDCMD=y
diff --git a/package/busybox/busybox.hash b/package/busybox/busybox.hash
index 2091cdaf65..6d1c36906d 100644
--- a/package/busybox/busybox.hash
+++ b/package/busybox/busybox.hash
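Review bot: In package/busybox/busybox.config, the hunks at -520 and -811 switch on options that the 1.35.0 config carried as explicitly disabled (`CONFIG_USE_BB_CRYPT_SHA`, `CONFIG_FEATURE_LESS_DASHCMD`, `CONFIG_FEATURE_LESS_RAW`, `CONFIG_FEATURE_LESS_ENV`), which is a change of the default image's behaviour and not only the arrival of symbols new in 1.36.0. The hunks at -338, -831 and -1141 likewise add `CONFIG_TSORT=y`, `CONFIG_SEEDRNG=y`, `CONFIG_TREE=y` and `CONFIG_ASH_SLEEP=y`, which widens the default applet set. If the flips are not intended, the old lines such as `# CONFIG_USE_BB_CRYPT_SHA is not set` should be kept; if they are deliberate, or forced by Kconfig changes this diff does not show, the commit message should say so, so that the version bump and the policy change can be reviewed separately.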
@@ -1,5 +1,5 @@
 # From https://busybox.net/downloads/busybox-1.35.0.tar.bz2.sha256
-sha256 faeeb244c35a348a334f4a59e44626ee870fb07b6884d68c10ae8bc19f83a694 busybox-1.35.0.tar.bz2
+sha256 542750c8af7cb2630e201780b4f99f3dcceeb06f505b479ec68241c1e6af61a5 busybox-1.36.0.tar.bz2
 # Locally computed
 sha256 bbfc9843646d483c334664f651c208b9839626891d8f17604db2146962f43548 LICENSE
 sha256 b5a136ed67798e51fe2e0ca0b2a21cb01b904ff0c9f7d563a6292e276607e58f archival/libarchive/bz/LICENSE
diff --git a/package/busybox/busybox.mk b/package/busybox/busybox.mk
index f8f9cb5616..1633ca525d 100644
--- a/package/busybox/busybox.mk
+++ b/package/busybox/busybox.mk
@@ -4,17 +4,15 @@
 #
 ################################################################################
-BUSYBOX_VERSION = 1.35.0
+BUSYBOX_VERSION = 1.36.0
 BUSYBOX_SITE = https://www.busybox.net/downloads
 BUSYBOX_SOURCE = busybox-$(BUSYBOX_VERSION).tar.bz2
 BUSYBOX_LICENSE = GPL-2.0, bzip2-1.0.4
 BUSYBOX_LICENSE_FILES = LICENSE archival/libarchive/bz/LICENSE
 BUSYBOX_CPE_ID_VENDOR = busybox
-# 0003-awk-fix-use-after-free-CVE-2022-30065.patch
-BUSYBOX_IGNORE_CVES += CVE-2022-30065
-# 0004-libbb-sockaddr2str-ensure-only-printable-characters-.patch
-# 0005-nslookup-sanitize-all-printed-strings-with-printable.patch
+# 0003-libbb-sockaddr2str-ensure-only-printable-characters-.patch
+# 0004-nslookup-sanitize-all-printed-strings-with-printable.patch
 BUSYBOX_IGNORE_CVES += CVE-2022-28391
 BUSYBOX_CFLAGS = \
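Review bot: The provenance comment on the first context line of the busybox.hash hunk is left unchanged and still reads `# From https://busybox.net/downloads/busybox-1.35.0.tar.bz2.sha256`, while the hash line below it now covers busybox-1.36.0.tar.bz2. Anyone re-checking the checksum against upstream would be pointed at the wrong file, so the comment should change together with the hash: `# From https://busybox.net/downloads/busybox-1.36.0.tar.bz2.sha256`.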