CVE-2021-42374 log

Severity Medium
Remote Yes
Type Information disclosure
An out-of-bounds heap read in Busybox's unlzma applet before version 1.34.0 leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that internally supports LZMA compression.
Group Package Affected Fixed Severity Status Ticket
AVG-2562 mkinitcpio-busybox 1.33.1-1 1.34.1-1 Medium Fixed
AVG-2561 busybox 1.33.1-1 1.34.1-1 Medium Fixed