[prev in list] [next in list] [prev in thread] [next in thread]
List: busybox
Subject: CVE-2022-28391 busybox: arbitrary code execution if netstat is used to print a DNS PTR record's valu
From: Radoslav Kolev <radoslav.kolev () suse ! com>
Date: 2022-06-03 8:04:31
Message-ID: 078b703b-d27b-6094-e2b7-6abc88a782ed () suse ! com
[Download RAW message or body]
Hello,
there is a CVE about busybox reported in April by Alpine Linux developer
Ariadne Conill as well as 2 patches to fix it:
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
Would you consider to pick these two up?
Best regards,
Radoslav
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic