CVE-2021-28831

Published: 19/03/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

decompress_gunzip.c in BusyBox up to and including 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

Vulnerable Product

busybox busybox

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #985674 CVE-2021-28831 Package: busybox; Maintainer for busybox is Debian Install System Team <debian-boot@lists.debian.org>; Source for busybox is src:busybox Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Sun, 21 Mar 2021 19:12:01 UTC Severity: important Tags: ...
BusyBox could be made to crash or run programs if it received specially crafted input ...
decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data (CVE-2021-28831) ...

Github Repositories

Product Report: Django-NV Generated By Admin User (admin) on 12/23/2021 07:55PM UTC Number of vulnerabilities found: 15 VULNERABILITIES DESCRIPTION VULNERABILITY ID : 9 TITLE: Starting a Process With a Shell, Possible Injection Detected, Security Issue SEVERITY: High RECOMMENDED TIME TO RESOLVE THE ISSUE: 30 days DESCRIPTION: An SQL injection attack consists of insertion or

Certified Kubernetes Security Specialist (CKS) 2023-2024

Certified Kubernetes Security Specialist (CKS) in 2023-2024 A Certified Kubernetes Security Specialist (CKS) is an accomplished Kubernetes practitioner (must be CKA certified) who has demonstrated competence on a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment, and runtime Certification Duration of

Example for trivy and lisence_finder with rails application

Example for trivy and lisence_finder with rails application Trivy Trivy is a vulnerability/misconfiguration scanner for containers and other artifacts github.com/aquasecurity/trivy Documentation for installation Trivy documentation Run on container for Mac OS (with mounted volume /var/run/docker.sock in docker-compose.yml) docker-compose run --rm trivy