Lucene search

K

MitreCVELIST:CVE-2021-28831

HistoryMar 19, 2021 - 4:01 a.m.

CVE-2021-28831

2021-03-1904:01:54

mitre

www.cve.org

11

cve-2021-28831

busybox

decompress_gunzip.c

vulnerability

gzip data

invalid free

segmentation fault

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.8

Confidence

High

EPSS

0.008

Percentile

81.3%

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

References

git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd

lists.debian.org/debian-lts-announce/2021/04/msg00001.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/

security.gentoo.org/glsa/202105-09

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.8

Confidence

High

EPSS

0.008

Percentile

81.3%

Related for CVELIST:CVE-2021-28831

ubuntu3 redos13 nessus18 archlinux2 openvas19 debian1 gentoo1 mageia1 osv6 cbl_mariner2 prion1 nvd1 amazon1 ibm1 redhatcve1 fedora3 cve1 debiancve1 alpinelinux1 veracode1 ubuntucve1 suse3 cloudfoundry1 ics1 avleonov1