It was discovered that BusyBox incorrectly handled certain malformed gzip archives. If a user or automated system were tricked into processing a specially crafted gzip archive, a remote attacker could use this issue to cause BusyBox to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-28831)
It was discovered that BusyBox did not properly validate user input when performing certain arithmetic operations. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to cause BusyBox to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2022-48174)
1:1.21.0-1ubuntu1.4+esm11:1.22.0-15ubuntu1.4+esm21:1.27.2-2ubuntu3.4+esm1