GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Wed May 26, 2021 3:26 pm Post subject: [ GLSA 202105-09 ] BusyBox |
|
|
Gentoo Linux Security Advisory
Title: BusyBox: Denial of service (GLSA 202105-09)
Severity: low
Exploitable: local, remote
Date: 2021-05-26
Bug(s): #777255
ID: 202105-09
Synopsis
A vulnerability in BusyBox might allow remote attackers to cause a
Denial of Service condition.
Background
BusyBox is a set of tools for embedded systems and is a replacement for
GNU Coreutils.
Affected Packages
Package: sys-apps/busybox
Vulnerable: < 1.32.1
Unaffected: >= 1.32.1
Architectures: All supported architectures
Description
It was discovered that BusyBox mishandled the error bit on the
huft_build result pointer when decompressing GZIP compressed data.
Impact
A remote attacker could entice a user to open a specially crafted GZIP
file using BusyBox, possibly resulting in a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All BusyBox users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/busybox-1.32.1"
|
References
CVE-2021-28831 |
|