busybox: awk: fix use after free (CVE-2022-30065)
author Hauke Mehrtens <hauke@hauke-m.de>
Tue, 1 Nov 2022 14:23:17 +0000 (15:23 +0100)
committer Hauke Mehrtens <hauke@hauke-m.de>
Sat, 5 Nov 2022 21:07:09 +0000 (22:07 +0100)
commit 8b383ee2a0d21144258346ad39006fc499d04b4f
tree ea644572a8fc693e84f995d30189a6ccbcb5910d
parent 002a99eccd75fb653163bae0a1132bd4f494e7ad
busybox: awk: fix use after free (CVE-2022-30065)

This backports a commit which fixes a use after free bug in awk.

CVE-2022-30065 description:
A use-after-free in Busybox 1.35-x's awk applet leads to denial of
service and possibly code execution when processing a crafted awk
pattern in the copyvar function.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
package/utils/busybox/patches/001-CVE-2022-30065-awk-fix-use-after-free.patch [new file with mode: 0644]