Denial Of Serivce (DoS)

2020-05-1023:28:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

38.6%

JSON

busybox is vulnerable to denial of service. An integer overflow in the get_next_block function in archival/libarchive/decompress_bunzip2.c may lead to a write access violation and result in an application crash.

CPENameOperatorVersion
busybox:3.3eq1.24.2-r1
busybox:trustyeq1:1.21.0-1ubuntu1
busybox:xenialeq1:1.22.0-15ubuntu1
busybox:stretcheq1:1.22.0-19+b3

Name	Operator	Version
busybox:3.3	eq	1.24.2-r1
busybox:trusty	eq	1:1.21.0-1ubuntu1
busybox:xenial	eq	1:1.22.0-15ubuntu1
busybox:stretch	eq	1:1.22.0-19+b3

References

bugs.busybox.net/show_bug.cgi?id=10431

git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0

lists.debian.org/debian-lts-announce/2018/07/msg00037.html

lists.debian.org/debian-lts-announce/2021/02/msg00020.html

usn.ubuntu.com/3935-1/

0.001 Low

EPSS

Percentile

38.6%

JSON

Related for VERACODE:25358