rpm package
suse/busybox&distro=SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS
Vulnerabilities (28)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-16544 | High | 8.8 | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Nov 20, 2017 | In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially res |
| CVE-2017-15874 | Medium | 5.0 | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Oct 24, 2017 | archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. |
| CVE-2017-15873 | Medium | 5.5 | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Oct 24, 2017 | The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation. |
| CVE-2011-5325 | High | 7.5 | | < 1.26.2-4.5.1 | 1.26.2-4.5.1 | Aug 7, 2017 | Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink. |
| CVE-2014-9645 | Medium | 5.5 | | < 1.35.0-150000.4.14.1 | 1.35.0-150000.4.14.1 | Mar 12, 2017 | The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" c |
| CVE-2016-2148 | Critical | 9.8 | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Feb 9, 2017 | Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. |
| CVE-2016-2147 | High | 7.5 | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Feb 9, 2017 | Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write. |
| CVE-2016-6301 | High | 7.5 | | < 1.34.1-4.9.1 | 1.34.1-4.9.1 | Dec 9, 2016 | The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop. |
Page 2 of 2