[Bug 13761] New: Critical CVE linked to busybox component - Aqua reports CVE-2015-4042 (/busybox/arch)

bugzilla at busybox.net bugzilla at busybox.net
Tue Apr 20 09:03:09 UTC 2021


https://bugs.busybox.net/show_bug.cgi?id=13761

            Bug ID: 13761
           Summary: Critical CVE linked to busybox component - Aqua
                    reports CVE-2015-4042 (/busybox/arch)
           Product: Busybox
           Version: 1.32.x
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P5
         Component: Other
          Assignee: unassigned at busybox.net
          Reporter: iamrahul345 at gmail.com
                CC: busybox-cvs at busybox.net
  Target Milestone: ---

{
  "name": "CVE-2015-4042",
  "description": "Integer overflow in the keycompare_mb function in sort.c in
sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of
service (application crash) or possibly have unspecified other impact via long
strings.",
  "nvd_score": 7.5,
  "nvd_score_version": "CVSS v2",
  "nvd_vectors": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "nvd_severity": "high",
  "nvd_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4042",
  "publish_date": "2020-01-24",
  "modification_date": "2020-02-01",
  "nvd_score_v3": 9.8,
  "nvd_vectors_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "nvd_severity_v3": "critical",
  "aqua_score": 9.8,
  "aqua_severity": "critical",
  "aqua_vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "aqua_scoring_system": "CVSS V3",
  "aqua_severity_classification": "NVD CVSS V3 Score: 9.8",
  "aqua_score_classification": "NVD CVSS V3 Score: 9.8"
}


This CVE seems to be critical. as per
https://nvd.nist.gov/vuln/detail/CVE-2015-4042

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the busybox-cvs mailing list