[PATCH] awk: fix use after free (CVE-2023-42363)

Natanael Copa ncopa at alpinelinux.org
Mon May 20 20:52:44 UTC 2024


On Mon, 20 May 2024 17:55:28 +0200
Natanael Copa <ncopa at alpinelinux.org> wrote:

> Fixes https://bugs.busybox.net/show_bug.cgi?id=15865

I also found out that CVE-2023-42364 and CVE-2023-42365 are fixed with
commit 0256e00a9d07 (awk: fix precedence of = relative to ==).

See: https://bugs.busybox.net/show_bug.cgi?id=15871#c5

It would be nice if those two were backported to 1_36_stable.

Thanks!

-nc


More information about the busybox mailing list