]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
busybox: fix CVE-2022-48174
authorMeenali Gupta <meenali.gupta@windriver.com>
Fri, 1 Sep 2023 11:49:40 +0000 (11:49 +0000)
committerSteve Sakoman <steve@sakoman.com>
Fri, 1 Sep 2023 14:49:21 +0000 (04:49 -1000)
commit56b90b5f2da661bfac3f2d751fc09e918429ec87
tree769d7cd3bc7ee869e74b5aea3622387419f8c191
parent4d79b1cc4178ba88830bab59a45163bbddf586ce
busybox: fix CVE-2022-48174

There is a stack overflow vulnerability in ash.c:6030 in busybox
vbefore 1.35. In the environment of Internet of Vehicles, this
vulnerability can be executed from command to arbitrary code execution.

Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/busybox/busybox/CVE-2022-48174.patch [new file with mode: 0644]
meta/recipes-core/busybox/busybox_1.35.0.bb