busybox: awk: fix use after free (CVE-2022-30065)
author Hauke Mehrtens <hauke@hauke-m.de>
Tue, 1 Nov 2022 14:23:17 +0000 (15:23 +0100)
committer Hauke Mehrtens <hauke@hauke-m.de>
Sat, 5 Nov 2022 21:43:45 +0000 (22:43 +0100)
commit 13bd217821e766110298498d0b73c4394e3330bd
tree a622ff69ca8403470b31eed2592430ffa5befc36
parent fe5cd3c9d97caf8c201c0c9953cfd52bec071108
busybox: awk: fix use after free (CVE-2022-30065)

This backports a commit which fixes a use after free bug in awk.

CVE-2022-30065 description:
A use-after-free in Busybox 1.35-x's awk applet leads to denial of
service and possibly code execution when processing a crafted awk
pattern in the copyvar function.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8b383ee2a0d21144258346ad39006fc499d04b4f)
package/utils/busybox/patches/001-CVE-2022-30065-awk-fix-use-after-free.patch [new file with mode: 0644]