[Bug 15216] There is a stack overflower in ash of busybox. Here is asan report.

bugzilla at busybox.net bugzilla at busybox.net
Wed Mar 6 21:02:25 UTC 2024


https://bugs.busybox.net/show_bug.cgi?id=15216

--- Comment #4 from John Ata <john.ata at baesystems.com> ---
I am still getting a segault on busybox 1.36.1 running the expression "echo
${0::0/0~09J}" on busybox ash built on Linux (e.g. Centos 7) with the following
configuration MATH variables turned off and the other MATH variables turned on:

CONFIG_FEATURE_SH_MATH_64 is not set
CONFIG_FEATURE_SH_MATH_BASE is not set

It seems that perhaps the fix is not comprehensively complete.  If these MATH
variables are turned on along with the other MATH variables, there is no
problem.

We seem to be claiming that CVE-2022-48174 does not exist in 1.36.1 (fixed in
1.35). But this does not seem to be necessarily true.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the busybox-cvs mailing list