]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a43f727) | patch
busybox: Backport CVE-2022-48174 fix
authorMarek Vasut <marex@denx.de>
Mon, 9 Oct 2023 16:26:22 +0000 (18:26 +0200)
committerSteve Sakoman <steve@sakoman.com>
Mon, 9 Oct 2023 17:30:51 +0000 (07:30 -1000)
commit634daf953e4bd8c6df3ee341b5e93cc81e1a620d
tree9beacd50d2e2d812c3cbd7b9175c021ad2d4f506tree
parenta43f7277061ee6c30c42c9318e3e9dd076563f5dcommit | diff
busybox: Backport CVE-2022-48174 fix

There is a stack overflow vulnerability in ash.c:6030 in busybox before
1.35. In the environment of Internet of Vehicles, this vulnerability can
be executed from command to arbitrary code execution.

https://nvd.nist.gov/vuln/detail/CVE-2022-48174

CVE: CVE-2022-48174
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/busybox/busybox/CVE-2022-48174.patch [new file with mode: 0644] blob
meta/recipes-core/busybox/busybox_1.31.1.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core