CVE-2021-28831 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Denial of service
Description	decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1708	mkinitcpio-busybox	1.32.1-2	1.32.1-3	Low	Fixed	FS#70075
AVG-1707	busybox	1.32.1-3	1.32.1-4	Low	Fixed	FS#70075

Date	Advisory	Group	Package	Severity	Type
25 Mar 2021	ASA-202103-12	AVG-1707	busybox	Low	denial of service
25 Mar 2021	ASA-202103-11	AVG-1708	mkinitcpio-busybox	Low	denial of service

References
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd