Bug 15829

Summary: Memory vulnerabilities in awk and sed
Product: Busybox Reporter: Tuba Yavuz <tuba>
Component: OtherAssignee: unassigned
Status: NEW ---    
Severity: critical CC: busybox-cvs
Priority: P5    
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Host: Target:
Build:

Description Tuba Yavuz 2023-10-26 14:08:57 UTC 
Hello,

Our research group has found some exploitable vulnerabilities in BusyBox 1.36.0 using the AFL fuzzer. We used the defconfig as well as several configuration files generated by our own tool. We will provide all the details. However, we wonder if this is a secure channel to discuss the vulnerabilities. Please let us know. Thanks.

Tuba