CVE-2017-15873

MEDIUM

BusyBox - Integer Overflow in get_next_block Function

Title source: llm

Description

The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.

References (5)

Core 5

Core References

Issue Tracking, Patch, Third Party Advisory x_refsource_misc

https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html

Exploit, Issue Tracking, Third Party Advisory x_refsource_misc

https://bugs.busybox.net/show_bug.cgi?id=10431

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3935-1/

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html

Scores

CVSS v3 5.5

EPSS 0.0132

EPSS Percentile 67.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (7)

busybox/busybox 1.27.2

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 18.10

debian/debian_linux 8.0

debian/debian_linux 9.0

Published Oct 24, 2017

Tracked Since Feb 18, 2026