CVE-2021-42374 log

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
An out-of-bounds heap read in Busybox's unlzma applet before version 1.34.0 leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that internally supports LZMA compression.
Group Package Affected Fixed Severity Status Ticket
AVG-2562 mkinitcpio-busybox 1.33.1-1 1.34.1-1 Medium Fixed
AVG-2561 busybox 1.33.1-1 1.34.1-1 Medium Fixed
References
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/