VYPR

rpm package

suse/busybox&distro=SUSE Linux Enterprise Real Time 15 SP2

pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2

Vulnerabilities (27)

  • CVE-2017-16544 · High · Nov 20, 2017
    affected < 1.34.1-4.9.1 · fixed 1.34.1-4.9.1

    In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially res

  • CVE-2017-15874 · Medium · Oct 24, 2017
    affected < 1.34.1-4.9.1 · fixed 1.34.1-4.9.1

    archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.

  • CVE-2017-15873 · Medium · Oct 24, 2017
    affected < 1.34.1-4.9.1 · fixed 1.34.1-4.9.1

    The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.

  • CVE-2011-5325 · High · Aug 7, 2017
    affected < 1.34.1-4.9.1 · fixed 1.34.1-4.9.1

    Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.

  • CVE-2016-2148 · Critical · Feb 9, 2017
    affected < 1.34.1-4.9.1 · fixed 1.34.1-4.9.1

    Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.

  • CVE-2016-2147 · High · Feb 9, 2017
    affected < 1.34.1-4.9.1 · fixed 1.34.1-4.9.1

    Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.

  • CVE-2016-6301 · High · Dec 9, 2016
    affected < 1.34.1-4.9.1 · fixed 1.34.1-4.9.1

    The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.
