Wind River Support Network

Fixed

LIN6-9905 : Security Advisory - busybox - CVE-2014-4607

Created: May 17, 2015    Updated: Dec 3, 2018
Resolved Date: May 28, 2015
Found In Version: 6.0.0.20
Fix Version: 6.0.0.21
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

An integer overflow may occur when processing any variant of a "literal run" in the lzo1x_decompress_safe function. Each of these three locations is subject to an integer overflow when processing zero bytes. This exposes the code that copies literals to memory corruption. It should be noted that if the target is 64-bit liblzo2, the overflow is still possible, but impractical. An overflow would require so much input data that an attack would be infeasible even on modern computers. This issue is LAZARUS.1

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4607 
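
The sketch below is an added example, not code from liblzo2, busybox or the Wind River fix. It models one literal-run length counter on a 32-bit target, first unchecked and then with overflow and output-space checks. The function names, the 255-per-zero-byte step and the +15 base are assumptions taken from the LZO1X stream format rather than from this advisory, and the input is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unchecked form: 32-bit accumulator, +255 per zero byte (needs n >= 1). */
static uint32_t run_len_unchecked(const uint8_t *ip, size_t n)
{
    uint32_t t = 0;
    size_t i = 0;
    while (i + 1 < n && ip[i] == 0) { t += 255u; i++; }  /* can wrap */
    return t + 15u + ip[i];                              /* can wrap */
}

/* Checked form: returns the run length, or -1 if the input is truncated,
 * the sum would wrap, or the run cannot fit in out_avail output bytes. */
static int64_t run_len_checked(const uint8_t *ip, size_t n, uint32_t out_avail)
{
    uint32_t t = 0;
    size_t i = 0;
    for (;; i++) {
        if (i >= n) return -1;                    /* ran off the input */
        if (ip[i] != 0) break;
        if (t > UINT32_MAX - 255u) return -1;     /* next add would wrap */
        t += 255u;
        if (t > out_avail) return -1;             /* already too long */
    }
    if (t > UINT32_MAX - 15u - ip[i]) return -1;  /* final add would wrap */
    t += 15u + ip[i];
    return t <= out_avail ? (int64_t)t : -1;
}

/* Constructed input: `zeros` zero bytes, then one terminating byte `last`. */
static uint8_t buf[16843010];
static const uint8_t *sample(size_t zeros, uint8_t last)
{
    memset(buf, 0, sizeof buf);
    buf[zeros] = last;
    return buf;
}

int main(void)
{
    const uint8_t *p = sample(16843009, 1);       /* 255 * 16843009 = 2^32 - 1 */
    printf("unchecked: %u\n", (unsigned)run_len_unchecked(p, sizeof buf));
    printf("checked:   %lld\n", (long long)run_len_checked(p, sizeof buf, 4096));
    return 0;
}
```

With roughly 16 MiB of zero bytes the unchecked counter wraps to a small value that any later bounds check will accept, while the checked form rejects the stream as soon as the run exceeds the available output space.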
