[PATCH] awk: fix use after free (CVE-2023-42363)
Natanael Copa
ncopa at alpinelinux.org
Mon May 20 20:52:44 UTC 2024
On Mon, 20 May 2024 17:55:28 +0200
Natanael Copa <ncopa at alpinelinux.org> wrote:
> Fixes https://bugs.busybox.net/show_bug.cgi?id=15865
I also found out that CVE-2023-42364 and CVE-2023-42365 are fixed with
commit 0256e00a9d07 (awk: fix precedence of = relative to ==).
See: https://bugs.busybox.net/show_bug.cgi?id=15871#c5
It would be nice if those two were backported to 1_36_stable.
Thanks!
-nc
More information about the busybox
mailing list