Published: 26/07/2018 Updated: 29/10/2022

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

huft_build in archival/libarchive/decompress_gunzip.c in BusyBox prior to 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
busybox busybox
debian debian linux 8.0
debian debian linux 9.0
canonical ubuntu linux 16.04
canonical ubuntu linux 14.04

Debian Bug report logs - #803097 busybox: CVE-2015-9261: segmentation fault while unzipping bad archive Package: busybox; Maintainer for busybox is Debian Install System Team <debian-boot@listsdebianorg>; Source for busybox is src:busybox (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Mon, 26 O ...

Several security issues were fixed in BusyBox ...

ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV10001 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver ...

Nexans FTTO GigaSwitch industrial/office switches HW version 5 suffer from having a hardcoded backdoor user and multiple outdated vulnerable software components ...

The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector ...

Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities ...

Full Disclosure mailing list archives   By Date By Thread </form>    SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series <!--X-Subject-Heade ...

Full Disclosure mailing list archives   By Date By Thread </form>    SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X <!--X-Subject-Head ...

Full Disclosure mailing list archives   By Date By Thread </form>    SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S  <!--X-H ...

CWE-476 https://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e https://bugs.debian.org/803097 http://www.openwall.com/lists/oss-security/2015/10/25/3 https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html https://usn.ubuntu.com/3935-1/http://seclists.org/fulldisclosure/2019/Jun/18 https://seclists.org/bugtraq/2019/Jun/14 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://seclists.org/fulldisclosure/2019/Sep/7 https://seclists.org/bugtraq/2019/Sep/7 http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://seclists.org/fulldisclosure/2020/Aug/20 https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html http://seclists.org/fulldisclosure/2022/Jun/36 http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803097 https://usn.ubuntu.com/3935-1/https://nvd.nist.gov

CVE-2015-9261

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect