PT-2021-5536 · Busybox+5 · Busybox+5

Published

2021-11-15

Updated

2025-11-03

CVE-2021-42374

CVSS v2.0

6.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions BusyBox (affected versions not specified)

Description An out-of-bounds heap read in BusyBox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that uses the vulnerable applet. The issue allows a remote attacker to cause an out-of-bounds read error and read the contents of the system memory or perform a denial-of-service attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

AZL-41054

AZL-6343

BDU:2021-06386

CVE-2021-42374

DLA-4019-1

OESA-2021-1441

OPENSUSE-SU-2022:0135-1

OPENSUSE-SU-2022_0135-1

OPENSUSE-SU-2022_3959-1

SUSE-SU-2022:0135-1

SUSE-SU-2022:0135-2

SUSE-SU-2022:3959-1

SUSE-SU-2022:4253-1

USN-5179-1

Affected Products

Astra Linux

Busybox

Linuxmint

Red Os

Suse

Ubuntu

PT-2021-5536 · Busybox+5 · Busybox+5

CVE-2021-42374

Weakness Enumeration

Related Identifiers

Affected Products

References · 100