code.ossystems Code Review - openembedded-core.git/commit

]> code.ossystems Code Review - openembedded-core.git/commit

Code Review / openembedded-core.git / commit

author	Pavel Zhukov <pavel.zhukov@huawei.com>
	Wed, 1 Dec 2021 09:54:37 +0000 (10:54 +0100)
committer	Steve Sakoman <steve@sakoman.com>
	Mon, 6 Dec 2021 14:48:48 +0000 (04:48 -1000)
commit	58e49c94d5305875188110aecdefe77c0afdfcb7
tree	a16c4e8fce3c22531311a802ddb5ed7aeb5d3a5f	tree \| snapshot
parent	297719989ebe8ce7d50e3991cba3e268938690ce	commit \| diff

busybox: Fix for CVE-2021-42376

A NULL pointer dereference in Busybox's hush applet leads to denial of service
when processing a crafted shell command, due to missing validation after
a \x03 delimiter character.
This may be used for DoS under very rare conditions of filtered command input.

Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42376

Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-core/busybox/busybox/CVE-2021-42376.patch	[new file with mode: 0644]	blob
meta/recipes-core/busybox/busybox_1.31.1.bb		diff \| blob \| history

Mirror of the official openembedded-core repository

RSS Atom