CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 CVE-2022-48174 CVE-2023-42364 CVE-2023-42365 Debian Bug : 985674 999567 1059049 1059051 1059052
Multiple vulnerabilities have been found in BusyBox, a lightweight single-executable containing various Unix utilities, which potentially allow attackers to cause denial of service, information leakage, or arbitrary code execution through malformed gzip data, crafted LZMA input or crafted awk patterns.
CVE-2021-28831
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit
on the huft_build result pointer, with a resultant invalid free or
segmentation fault, via malformed gzip data.
CVE-2021-42374
An out-of-bounds heap read in Busybox's unlzma applet leads to
information leak and denial of service when crafted LZMA-compressed
input is decompressed. This can be triggered by any applet/format that
CVE-2021-42378
A use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
getvar_i function
CVE-2021-42379
A use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
next_input_file function
CVE-2021-42380
A use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
clrvar function
CVE-2021-42381
A use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
hash_init function
CVE-2021-42382
use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
getvar_s function
CVE-2021-42384
A use-after-free in Busybox's awk applet leads to denial of...
1:1.30.1-6+deb11u1