CVE-2017-15873

Name

CVE-2017-15873

Description

The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
Exploit	https://bugs.busybox.net/show_bug.cgi?id=10431
Issue Tracking	https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0
Mailing List	https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html
Mailing List	https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html
Third Party Advisory	https://usn.ubuntu.com/3935-1/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:busybox:busybox:1.27.2:::::::*`	busybox	== None	== 1.27.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
busybox	edge-main	1.27.2-r4	None	fixed
busybox	3.22-main	1.27.2-r4	None	fixed
busybox	3.21-main	1.27.2-r4	None	fixed
busybox	3.20-main	1.27.2-r4	None	fixed
busybox	3.19-main	1.27.2-r4	None	fixed
busybox	3.18-main	1.27.2-r4	None	fixed
busybox	3.17-main	1.27.2-r4	None	fixed
busybox	3.12-main	1.27.2-r4	None	fixed
busybox	3.11-main	1.27.2-r4	None	fixed
busybox	3.10-main	1.27.2-r4	None	fixed