busybox busybox 对异常条件的处理不恰当

admin

0
文章

0
评论

2023-12-01 15:41:22 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

低危 busybox busybox 对异常条件的处理不恰当

CVE编号

CVE-2021-28831

利用情况

暂无

补丁情况

官方补丁

披露时间

2021-03-19

漏洞描述

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://security.gentoo.org/glsa/202105-09

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	busybox	busybox	*		Up to (including) 1.32.1
	运行在以下环境
	系统	alpine_3.10	busybox	*		Up to (excluding) 1.30.1-r5
	运行在以下环境
	系统	alpine_3.11	busybox	*		Up to (excluding) 1.31.1-r10
	运行在以下环境
	系统	alpine_3.12	busybox	*		Up to (excluding) 1.31.1-r20
	运行在以下环境
	系统	alpine_3.13	busybox	*		Up to (excluding) 1.32.1-r4
	运行在以下环境
	系统	alpine_3.14	busybox	*		Up to (excluding) 1.33.0-r5
	运行在以下环境
	系统	alpine_3.15	busybox	*		Up to (excluding) 1.33.0-r5
	运行在以下环境
	系统	alpine_3.16	busybox	*		Up to (excluding) 1.33.0-r5
	运行在以下环境
	系统	alpine_3.17	busybox	*		Up to (excluding) 1.33.0-r5
	运行在以下环境
	系统	alpine_3.18	busybox	*		Up to (excluding) 1.33.0-r5
	运行在以下环境
	系统	alpine_edge	busybox	*		Up to (excluding) 1.33.0-r5
	运行在以下环境
	系统	amazon_AMI	busybox	*		Up to (excluding) 1.19.3-2.12.amzn1
	运行在以下环境
	系统	debian_10	busybox	*		Up to (including) 1.30.1-4
	运行在以下环境
	系统	debian_11	busybox	*		Up to (including) 1.30.1-6
	运行在以下环境
	系统	debian_12	busybox	*		Up to (excluding) 1:1.35.0-1
	运行在以下环境
	系统	debian_9	busybox	*		Up to (excluding) 1:1.22.0-19+deb9u2
	运行在以下环境
	系统	debian_sid	busybox	*		Up to (excluding) 1:1.35.0-1
	运行在以下环境
	系统	fedora_32	busybox-petitboot	*		Up to (excluding) 1.32.1-1.fc32
	运行在以下环境
	系统	fedora_33	busybox-petitboot-debuginfo	*		Up to (excluding) 1.32.1-1.fc33
	运行在以下环境
	系统	fedora_34	busybox-petitboot-debuginfo	*		Up to (excluding) 1.33.0-3.fc34
	运行在以下环境
	系统	opensuse_Leap_15.2	busybox	*		Up to (excluding) 1.26.2-lp152.5.3.1
	运行在以下环境
	系统	opensuse_Leap_15.3	busybox	*		Up to (excluding) 6.1.34-lp153.2.27.2
	运行在以下环境
	系统	opensuse_Leap_15.4	busybox-testsuite	*		Up to (excluding) 1.35.0-150400.3.3.1
	运行在以下环境
	系统	suse_12_SP5	busybox	*		Up to (excluding) 1.35.0-4.3.1
	运行在以下环境
	系统	ubuntu_18.04	busybox	*		Up to (excluding) 1:1.27.2-2ubuntu3.4
	运行在以下环境
	系统	ubuntu_20.04	busybox	*		Up to (excluding) 1:1.30.1-4ubuntu6.4
	运行在以下环境
	系统	ubuntu_21.04	busybox	*		Up to (excluding) 1:1.30.1-6ubuntu2.1
	运行在以下环境
	系统	ubuntu_21.10	busybox	*		Up to (excluding) 1:1.30.1-6ubuntu3.1
	运行在以下环境
	系统	ubuntu_22.04	busybox	*		Up to (excluding) 1:1.30.1-7ubuntu2
	运行在以下环境
	系统	ubuntu_22.10	busybox	*		Up to (excluding) 1:1.30.1-7ubuntu2