
Debian 11 Bullseye Advisory DLA-4019-1: busybox update critical threats

debian lts
January 19, 2025
Multiple vulnerabilities have been found in BusyBox, a lightweight single-executable containing various Unix utilities, which potentially allow attackers to cause denial of service...

Summary

CVE-2021-28831

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit
on the huft_build result pointer, with a resultant invalid free or
segmentation fault, via malformed gzip data.

CVE-2021-42374

An out-of-bounds heap read in Busybox's unlzma applet leads to
information leak and denial of service when crafted LZMA-compressed
input is decompressed. This can be triggered by any applet/format that

CVE-2021-42378

A use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
getvar_i function.

CVE-2021-42379

A use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
next_input_file function.

CVE-2021-42380

A use-after-free in Busybox's awk applet leads to denial of service and
possibly code execution when processing a crafted awk pattern in the
clrvar function.

CVE-2021-42381



Severity: critical

Package: busybox
Version: 1:1.30.1-6+deb11u1
CVE ID: CVE-2021-28831 CVE-2021-42374 CVE-2021-42378 CVE-2021-42379
Debian Bug: 985674 999567 1059049 1059051 1059052
