CVE-2021-42374
An out-of-bounds heap read in unlzma leads to an information leak and denial of service when crafted LZMA-compressed input is decompressed. It can be triggered through any applet or format that internally supports LZMA compression.
Read more: "Unboxing Busybox: 14 Vulnerabilities Uncovered by Claroty, JFrog"
Risk Information
- CVE ID: CVE-2021-42374
- Vendor: Busybox
- Product: Linux Utilities
- CVSS v3: 6.5