Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

CVE-2021-28831 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2021-28831

CVE-2021-28831

HIGH7.5

decompress_gunzip

Published Mar 19, 2021

Modified 2 months ago

Details

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

References

WEB

https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd

WEB

https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html

WEB

https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html

ADVISORY

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/

ADVISORY

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/

ADVISORY

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/

ADVISORY

https://security.gentoo.org/glsa/202105-09

WEB

https://security.netapp.com/advisory/ntap-20250509-0005/

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2021-28831

CVSS Analysis

CVSS v3.1

7.5

Exploitability

Attack Complexity

LowAC:L

Attack Vector

NetworkAV:N

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Availability

HighA:H

Confidentiality

NoneC:N

Integrity

NoneI:N

7.5/CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N

Ecosystems

Timeline

PublishedMar 19, 2021

ModifiedDec 17, 2025