Backport "decompress_gunzip: Fix DoS if gzip is corrupt" to fix CVE-2021-28831

Hauke Mehrtens hauke at hauke-m.de
Tue Mar 30 18:47:51 UTC 2021


Hi,

Could you please backport this commit to the busybox 1.33 branch:
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd

Someone assigned CVE-2021-28831 with severity high to this change:
https://nvd.nist.gov/vuln/detail/CVE-2021-28831

Having this also in 1.33 would be nice and make security compliance 
experts happy.

Hauke

