[Bug 12916] New: out-of-bounds write in get_next_block()

bugzilla at busybox.net bugzilla at busybox.net
Wed May 20 07:20:59 UTC 2020


https://bugs.busybox.net/show_bug.cgi?id=12916

            Bug ID: 12916
           Summary: out-of-bounds write in get_next_block()
           Product: Busybox
           Version: 1.31.x
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P5
         Component: Other
          Assignee: unassigned at busybox.net
          Reporter: mike-broomfield at hotmail.co.uk
                CC: busybox-cvs at busybox.net
  Target Milestone: ---

get_next_block in decompress_bunzip2.c has an out-of-bounds write when there
are many selectors.

A very similar bug was present in bzip2 through 1.0.6.  

You can see the commit that fixed the bzip2 vulnerability at
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc#951eb5324dc64ed8c9225bfcdcb72ee7a3932918

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the busybox-cvs mailing list