Home page logo

oss-sec logo oss-sec mailing list archives

CVE request: BusyBox unpack_Z_stream() buffer underflow
From: Alex Legler <a3li () gentoo org>
Date: Fri, 19 Aug 2011 13:36:31 +0200


Secunia [1] reported a fix in BusyBox for a flaw similar to CVE-2006-1168:

"The vulnerability is caused due to a boundary error within the 
"unpack_Z_stream()" function (archival/libarchive/decompress_uncompress.c) and 
can be exploited to cause a buffer underflow via a specially crafted 

Patch is available at [2], our bug is [3].

Please assign a CVE.


[1] http://secunia.com/advisories/45702/
[3] https://bugs.gentoo.org/show_bug.cgi?id=379857

Alex Legler <a3li () gentoo org>
Gentoo Security / Ruby

Attachment: signature.asc
Description: This is a digitally signed message part.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]