BusyBox CVE-2022-48174 in Bookworm

To: busybox@packages.debian.org
Subject: BusyBox CVE-2022-48174 in Bookworm
From: Wolfgang Ocker <weo@reccoware.de>
Date: Tue, 21 Oct 2025 11:20:33 +0200
Message-id: <[🔎] f439a9110d5a5bb36453b03d197a5d6ad1162610.camel@reccoware.de>

Hello Busybox Package Maintainers:

I hope I have found the correct email address for my question.

https://security-tracker.debian.org/tracker/CVE-2022-48174

It says here that the stack overflow bug in Busybox (CVE-2022-48174)
has not yet been fixed in Bookworm because it is only a minor issue.
I would be very interested to know why you came to this conclusion, as
I can't find any reference to it in the corresponding bug tracker
entry:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059049

Is there perhaps already a date when a fix for Bookworm will be
released?

I would like to thank you very much!

Best regards,
Wolfgang

Reply to:

Follow-Ups:
- Re: BusyBox CVE-2022-48174 in Bookworm
  - From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>

Prev by Date: Re: Make d-i packages usrmerge-ready?
Next by Date: Bug#1118486: rootskel-gtk: testing/unstable d-i snapshots should not identify themselves as Debian 13
Previous by thread: Processing of console-setup_1.243_source.changes
Next by thread: Re: BusyBox CVE-2022-48174 in Bookworm
Index(es):
- Date
- Thread