Denys Vlasenko

**Nome do Software Vulnerável e Versões Afetadas** BusyBox (versões afetadas não especificadas) **Descrição** Existe uma falha no BusyBox que permite a um atacante modificar arquivos fora do diretório de extração previsto. Isso é realizado através da criação de um arquivo tar malicioso com entradas de hardlink ou symlink não validadas. Caso o arquivo seja extraído com privilégios elevados, isso pode resultar em escalonamento de privilégios e acesso não autorizado a arquivos críticos do sistema. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** BusyBox (versões afetadas não especificadas) **Descrição** Existe uma falha nos utilitários de extração de arquivos do BusyBox devido à sanitização incompleta de caminhos. Um atacante pode criar arquivos compactados maliciosos que, quando extraídos sob condições específicas, podem permitir a gravação em arquivos fora do diretório pretendido. Isso pode levar à sobrescrita arbitrária de arquivos, potencialmente permitindo a execução de código através da modificação de arquivos sensíveis do sistema. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.1.0-rc3+ **Description** The issue is related to the arm64/mm component of the Linux kernel, where incorrect handling of memory allocation errors can lead to a denial of service. On arm64, the pmd leaf() function will return true even if the pmd is invalid due to the pmd present invalid() check. This can cause the file map count to decrease and then increase again, triggering a BUG ON() unexpectedly. The problem can be fixed by adding a !pmd present invalid() check in the pmd user accessible page() function. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for the arm64/mm component, specifically the patch that adds the !pmd present invalid() check in the pmd user accessible page() function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BusyBox versions prior to 1.30.1 **Description** An issue in the udhcp component of BusyBox might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is due to an out of bounds read when decoding DHCP SUBNET, related to an incomplete fix for a previous issue. The vulnerability is associated with a buffer read beyond its boundaries in memory, potentially allowing an unauthorized access to protected information. **Recommendations** For BusyBox versions prior to 1.30.1, update to version 1.30.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the DHCP client, server, and relay components until a patch is available.

**Name of the Vulnerable Software and Affected Versions** BusyBox versions prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e **Description** The issue is related to a Buffer Overflow vulnerability in the BusyBox wget, which can result in a heap buffer overflow. This vulnerability can be exploited via network connectivity, allowing a remote attacker to impact the integrity and availability of data, as well as cause a denial of service. **Recommendations** For BusyBox versions prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e, update to a version that includes the fix after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e to resolve the issue. As a temporary workaround, consider restricting network connectivity to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BusyBox version 1.27.2 **Description** The issue is related to an Integer Overflow in the `get next block` function, located in the `archival/libarchive/decompress bunzip2.c` component of BusyBox. This overflow may lead to a write access violation. The vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** For BusyBox version 1.27.2, consider disabling the `get next block` function as a temporary workaround until a patch is available. Restrict access to the `decompress bunzip2.c` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BusyBox versions prior to 1.27.2 **Description** The issue is related to the huft build function in the archival/libarchive/decompress gunzip.c component of the BusyBox set of UNIX utilities. It involves a null pointer dereference. An attacker, acting remotely, can exploit this issue by using a specially crafted ZIP file to cause a denial of service, resulting in application crashes and segfaults during an unzip operation. **Recommendations** For versions prior to 1.27.2, update to version 1.27.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the huft build function in the decompress gunzip.c component until a patch is available. Avoid using specially crafted ZIP files that could trigger the vulnerability.