Critical BusyBox Stack Overflow Vuln Fixed
A critical stack overflow vulnerability has been discovered in ash.c:6030 in BusyBox before 1.35 (CVE-2022-48174). Due to the ease of exploitation and the severe threat it poses to the confidentiality, integrity, and availability of impacted systems, this bug has received a National Vulnerability Database base score of 9.8 out of 10. It was also discovered that BusyBox incorrectly handled certain malformed gzip archives (CVE-2021-28831).
These issues could allow a remote attacker to execute arbitrary code or cause BusyBox to crash, resulting in a denial of service.
Important updates for BusyBox have been released that mitigate these critical flaws. We urge all impacted users to apply the updates released by SUSE and Ubuntu immediately to protect against attacks leading to potential downtime or compromise.