What the vulnerability does
01Description
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
CVSS base score
CVSS vector
CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N
What the vulnerability does
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
Key dates
External resources