busybox: Fix for CVE-2021-42376 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Pavel Zhukov <pavel.zhukov@huawei.com>	2021-12-01 10:54:37 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-12-08 20:28:01 +0000
commit	15d764e697b101d382a1f7834622bdd380908e6f (patch)
tree	6f92aa21602cd0f9f0d17102af87cf9d71f535eb /scripts/lib/scriptpath.py
parent	1f2cf291e767f2472d95ccee19c4d97bdc00f3d6 (diff)
download	poky-15d764e697b101d382a1f7834622bdd380908e6f.tar.gz

busybox: Fix for CVE-2021-42376

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42376 (From OE-Core rev: 58e49c94d5305875188110aecdefe77c0afdfcb7) Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/scriptpath.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: