CVE-2015-9261 — NULL Pointer Dereference in Busybox

CWE-476 — NULL Pointer Dereference CWE-682 — Incorrect Calculation CWE-125 — Out-of-bounds Read10 documents9 sources

Severity

5.5MEDIUMNVD

OSV7.5

EPSS

0.8%

top 25.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Busybox Debian Busybox Canonical Ubuntu Linux +1 more

Timeline

PublishedJul 26

Latest updateDec 29

Description

huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/busybox< busybox 1:1.27.2-1 (bookworm)

▶NVDbusybox/busybox< 1.27.2

▶Debianbusybox/busybox< 1:1.27.2-1+3

▶Ubuntubusybox/busybox< 1:1.21.0-1ubuntu1.4+2

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04

Patches

Patch: bugs.debian.org ↗Patch: git.busybox.net ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-4ph6-v858-6wh9: huft_build in archival/libarchive/decompress_gunzip↗2022-05-13

▶

OSV

busybox vulnerabilities↗2019-04-03

▶

OSV

CVE-2015-9261: huft_build in archival/libarchive/decompress_gunzip↗2018-07-26

▶

📋Vendor Advisories

CISA ICS

Advantech Spectre RT Industrial Routers↗2021-02-23

▶

Ubuntu

BusyBox vulnerabilities↗2019-04-03

▶

Red Hat

busybox: Segmentation fault when unzipping specially crafted zip file↗2015-10-25

▶

Debian

CVE-2015-9261: busybox - huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 m...↗2015

▶

📄Research Papers

arXiv

One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware↗2022-12-29

▶

💬Community

Bugzilla

CVE-2015-9261 busybox: Segmentation fault when unzipping specially crafted zip file↗2015-10-29

▶