The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.
https://usn.ubuntu.com/3935-1/
https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html
https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0