https://bugzilla.redhat.com/show_bug.cgi?id=2088233
Bug ID: 2088233
Summary: CVE-2022-30065 busybox: A use-after-free in Busybox's awk applet leads to denial of service
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: saroy@redhat.com
CC: admiller@redhat.com, dcavalca@fb.com, dvlasenk@redhat.com, epel-packagers-sig@lists.fedoraproject.org, spotrh@gmail.com
Target Milestone: ---
Classification: Other
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
https://bugs.busybox.net/show_bug.cgi?id=14781
Sandipan Roy saroy@redhat.com changed:
What       |Removed    |Added
----------------------------------------------------------------------------
Blocks     |           |2088235
Sandipan Roy saroy@redhat.com changed:
What       |Removed    |Added
----------------------------------------------------------------------------
Depends On |           |2089282, 2089281
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2089281
[Bug 2089281] CVE-2022-30065 busybox: A use-after-free in Busybox's awk applet leads to denial of service [fedora-35]
https://bugzilla.redhat.com/show_bug.cgi?id=2089282
[Bug 2089282] CVE-2022-30065 busybox: A use-after-free in Busybox's awk applet leads to denial of service [fedora-34]
--- Comment #1 from Sandipan Roy saroy@redhat.com ---
Created busybox tracking bugs for this issue:
Affects: fedora-34 [bug 2089282]
Affects: fedora-35 [bug 2089281]
--- Doc Text *updated* by Sandipan Roy saroy@redhat.com ---
A flaw was found in BusyBox, where it did not properly sanitize while processing a crafted awk pattern, leading to possible code execution. The highest threat from this vulnerability is confidentiality, integrity, as well as system availability.
--- Doc Text *updated* by RaTasha Tillery-Smith rtillery@redhat.com ---
A flaw was found in BusyBox. It did not properly sanitize while processing a crafted awk pattern, leading to possible code execution.
--- Comment #2 from Product Security DevOps Team prodsec-dev@redhat.com ---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-30065
Product Security DevOps Team prodsec-dev@redhat.com changed:
What        |Removed    |Added
----------------------------------------------------------------------------
Status      |NEW        |CLOSED
Resolution  |---        |WONTFIX
Last Closed |           |2022-05-23 13:43:28
Bug 2088233 depends on bug 2089282, which changed state.
Bug 2089282 Summary: CVE-2022-30065 busybox: A use-after-free in Busybox's awk applet leads to denial of service [fedora-34]
https://bugzilla.redhat.com/show_bug.cgi?id=2089282
What        |Removed    |Added
----------------------------------------------------------------------------
Status      |NEW        |CLOSED
Resolution  |---        |EOL
Bug 2088233 depends on bug 2089281, which changed state.
Bug 2089281 Summary: CVE-2022-30065 busybox: A use-after-free in Busybox's awk applet leads to denial of service [fedora-35]
https://bugzilla.redhat.com/show_bug.cgi?id=2089281
What        |Removed    |Added
----------------------------------------------------------------------------
Status      |NEW        |CLOSED
Resolution  |---        |EOL