CLSA-2021-1635459154 Fix CVE(s): CVE-2021-28831

SECURITY UPDATE: operation on invalid pointer - debian/patches/CVE-2021-28831.patch: decompressgunzip.c mishandles the error bit on the huftbuild result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. - CVE-2021-28831...

The vulnerability of the `huft_build` function in the `archival/libarchive/decompress_gunzip.c` component of the BusyBox command-line utility suite, related to the manipulation of the null pointer, allows a malicious actor to trigger a denial-of-service attack.

The vulnerability of the huftbuild function in the archival/libarchive/decompressgunzip.c file of the UNIX utility command-line tool BusyBox is related to the use of a null pointer. Exploiting this vulnerability allows an attacker to cause a service failure by using a specially created ZIP file...

DEBIAN-CVE-2021-28831

decompressgunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huftbuild result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data...

ALPINE-CVE-2021-28831

decompressgunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huftbuild result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data...

CVE-2021-28831

decompressgunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huftbuild result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data...