oss-sec mailing list archives

CVE request: BusyBox unpack_Z_stream() buffer underflow
From: Alex Legler <a3li () gentoo org>
Date: Fri, 19 Aug 2011 13:36:31 +0200

Hi,

Secunia [1] reported a fix in BusyBox for a flaw similar to CVE-2006-1168:

"The vulnerability is caused due to a boundary error within the 
"unpack_Z_stream()" function (archival/libarchive/decompress_uncompress.c) and 
can be exploited to cause a buffer underflow via a specially crafted 
datastream."

Patch is available at [2], our bug is [3].

Please assign a CVE.

Thanks,
Alex

[1] http://secunia.com/advisories/45702/
[2] http://git.busybox.net/busybox/diff/archival/libarchive/decompress_uncompress.c?id=251fc70e9722f931eec23a34030d05ba5f747b0e
[3] https://bugs.gentoo.org/show_bug.cgi?id=379857

-- 
Alex Legler <a3li () gentoo org>
Gentoo Security / Ruby
