CVE-2021-28831

Updated: 2025-05-10 00:46:03.094538

Description:

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 5
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
CentOS 6 ELS busybox 1.15.1 7.5 HIGH Not Vulnerable 2021-12-16 10:40:02
CloudLinux 6 ELS busybox 1.15.1 7.5 HIGH Not Vulnerable 2021-12-16 10:40:02
Oracle Linux 6 ELS busybox 1.15.1 7.5 HIGH Not Vulnerable 2021-12-16 10:40:02
Ubuntu 16.04 ELS busybox 1.22.0 7.5 HIGH Released CLSA-2021:1635459154 2021-12-16 10:40:02
Ubuntu 18.04 ELS busybox 1.27.2 7.5 HIGH Already Fixed 2023-09-05 14:06:32