CVE-2021-28831

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

Published Dec 18, 2025

https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd https://security.gentoo.org/glsa/202105-09

CVSS ScoreHigh

7.5

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2021-28831

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.

Published Dec 18, 2025

https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd https://security.gentoo.org/glsa/202105-09

CVSS ScoreHigh

7.5


rpm	busybox	1
rpm	busybox-petitboot	1

Ecosystem	Package	Version


rpm	busybox	1
rpm	busybox-petitboot	1

Find vulnerabilities. Fix fast with AI.

CVE-2021-28831

CVE-2021-28831