Wind River Support Network


LIN7-3816 : Security Advisory - busybox - CVE-2014-4607

Created: May 17, 2015    Updated: Sep 8, 2018
Resolved Date: May 17, 2015
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace


An integer overflow may occur when processing any variant of a "literal run" in the lzo1x_decompress_safe function. Each of these three locations is subject to an integer overflow when processing zero bytes, which exposes the code that copies literals to memory corruption. If the target is 64-bit liblzo2, the overflow is still possible but impractical: it would require so much input data that an attack would be infeasible even on modern computers. This issue is LAZARUS.1.
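The following added example (not code from liblzo2, busybox or Wind River) models the length arithmetic described above, showing an unchecked accumulator beside a hardened one and the input size needed to wrap a 32-bit versus a 64-bit counter. It assumes the LZO1X convention that each zero byte in a length field adds 255; the function names are hypothetical and `uint32_t` stands in for a 32-bit `size_t`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not liblzo2 or busybox code. Assumption: each zero
 * byte in a literal-run length field adds 255 and the first non-zero byte
 * ends the field. uint32_t stands in for a 32-bit size_t. */
/* Unchecked: the running total wraps silently past UINT32_MAX. */
uint32_t run_len_unchecked(const uint8_t *in, size_t n, size_t *used)
{
    uint32_t t = 0;
    size_t i = 0;
    while (i < n && in[i] == 0) { t += 255; i++; }
    if (i < n) t += in[i++];
    *used = i;
    return t;
}

/* Hardened: fail as soon as the total exceeds the room left in the output
 * buffer or the next addition would wrap. Returns 0 on success, -1 on error. */
int run_len_checked(const uint8_t *in, size_t n, uint32_t out_room,
                    uint32_t *len, size_t *used)
{
    uint32_t t = 0;
    size_t i = 0;
    while (i < n && in[i] == 0) {
        if (t > out_room || t > UINT32_MAX - 255) return -1;
        t += 255; i++;
    }
    if (i >= n || t > UINT32_MAX - in[i]) return -1; /* truncated or wrap */
    t += in[i++];
    if (t > out_room) return -1;
    *len = t;
    *used = i;
    return 0;
}

/* Zero bytes needed before a length counter of the given width wraps. */
uint64_t zero_bytes_to_wrap(unsigned bits)
{
    uint64_t max = bits >= 64 ? UINT64_MAX : (1ULL << bits) - 1;
    return max / 255 + 1;
}

int main(void)
{
    printf("32-bit: %llu, 64-bit: %llu zero bytes\n",
           (unsigned long long)zero_bytes_to_wrap(32),
           (unsigned long long)zero_bytes_to_wrap(64));
    return 0;
}
```

The 32-bit counter wraps after roughly 16 MiB of zero bytes, while the 64-bit counter needs on the order of 7 x 10^16 bytes, which is why the advisory calls the 64-bit case impractical.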
