CVE-2017-15874
Published: 24 October 2017
archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.
Notes
Author | Note |
---|---|
mdeslaur | 1.27.2 only, introduced by: https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0 |
Priority
CVSS 3 base score: 5.5
Status
Package | Release | Status |
---|---|---|
busybox Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
precise |
Not vulnerable
(code not present)
|
|
trusty |
Not vulnerable
(code not present)
|
|
xenial |
Not vulnerable
(code not present)
|
|
zesty |
Not vulnerable
(code not present)
|
|
artful |
Not vulnerable
(code not present)
|
|
Patches: upstream: https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b |