CVE-2021-28831

Опубликовано: 12 мар. 2021

Источник: redhat

CVSS3: 7.5

Описание

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

Отчет

Support for gunzip was introduced in busybox-1.20, therefore version of busybox shipped with Red Hat Enterprise Linux 6 is not affected by this flaw.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	busybox	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-763

https://bugzilla.redhat.com/show_bug.cgi?id=1941028busybox: invalid free or segmentation fault via malformed gzip data

7.5 High

CVSS3

Связанные уязвимости

CVE-2021-28831

CVSS3: 7.5

ubuntu

почти 5 лет назад

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

CVE-2021-28831

CVSS3: 7.5

nvd

почти 5 лет назад

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

CVE-2021-28831

CVSS3: 7.5

msrc

почти 5 лет назад

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer with a resultant invalid free or segmentation fault via malformed gzip data.

CVE-2021-28831

CVSS3: 7.5

debian

почти 5 лет назад

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit ...

GHSA-7w53-225r-6vxv

CVSS3: 7.5

github

больше 3 лет назад

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

7.5 High

CVSS3