CVE-2015-9261

MEDIUM

BusyBox < 1.27.2 - Denial of Service via Crafted ZIP File

Title source: llm

Description

huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.

References (15)

Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2015/10/25/3
Issue Tracking, Mailing List, Patch, Third Party Advisory x_refsource_misc
https://bugs.debian.org/803097
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3935-1/
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Jun/18
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Jun/14
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Sep/7
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Sep/7
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Aug/20
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2022/Jun/36

Scores

CVSS v3 5.5
EPSS 0.0237
EPSS Percentile 81.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-476
Status published
Products (5)
busybox/busybox < 1.27.2
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
debian/debian_linux 8.0
debian/debian_linux 9.0
Published Jul 26, 2018
Tracked Since Feb 18, 2026