{"vulnerability": "CVE-2021-28831", "sightings": [{"uuid": "6dfc075f-2ee7-4205-844d-1138e6d1b15f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-28831", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15843", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-28831\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N)\n\ud83d\udd39 Description: decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.\n\ud83d\udccf Published: 2021-03-19T04:01:54.000Z\n\ud83d\udccf Modified: 2025-05-09T20:03:30.384Z\n\ud83d\udd17 References:\n1. https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd\n2. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/\n3. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/\n4. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/\n5. https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html\n6. https://security.gentoo.org/glsa/202105-09", "creation_timestamp": "2025-05-09T20:26:19.000000Z"}]}