Wind River Support Network

HomeDefectsLIN10-8398
Fixed

LIN10-8398 : Security Advisory - busybox - CVE-2021-28831

Created: Mar 21, 2021    Updated: Apr 1, 2021
Resolved Date: Apr 1, 2021
Found In Version: 10.17.41.1
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Userspace

Description

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

CREATE(Triage):(User=admin) [CVE-2021-28831|https://nvd.nist.gov/vuln/detail/CVE-2021-28831]

CVEs


Live chat
Online