{"id":"CVE-2015-9261","details":"huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file.","modified":"2026-04-16T06:16:25.884840950Z","published":"2018-07-26T19:29:00Z","related":["SUSE-SU-2022:0135-1","SUSE-SU-2022:0135-2","SUSE-SU-2022:3959-1","SUSE-SU-2022:4253-1","openSUSE-SU-2022:0135-1","openSUSE-SU-2024:11738-1"],"references":[{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2019/Jun/18"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2019/Sep/7"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2020/Aug/20"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2022/Jun/36"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2015/10/25/3"},{"type":"ADVISORY","url":"https://bugs.debian.org/803097"},{"type":"ADVISORY","url":"https://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Jun/14"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Sep/7"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3935-1/"},{"type":"ARTICLE","url":"http://seclists.org/fulldisclosure/2019/Jun/18"},{"type":"ARTICLE","url":"http://seclists.org/fulldisclosure/2019/Sep/7"},{"type":"ARTICLE","url":"http://seclists.org/fulldisclosure/2020/Aug/20"},{"type":"ARTICLE","url":"http://seclists.org/fulldisclosure/2022/Jun/36"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2015/10/25/3"},{"type":"ARTICLE","url":"https://bugs.debian.org/803097"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html"},{"type":"ARTICLE","url":"https://seclists.org/bugtraq/2019/Jun/14"},{"type":"ARTICLE","url":"https://seclists.org/bugtraq/2019/Sep/7"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2019/Jun/18"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2019/Sep/7"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2020/Aug/20"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2022/Jun/36"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2015/10/25/3"},{"type":"EVIDENCE","url":"https://seclists.org/bugtraq/2019/Jun/14"},{"type":"EVIDENCE","url":"https://seclists.org/bugtraq/2019/Sep/7"},{"type":"FIX","url":"https://bugs.debian.org/803097"},{"type":"FIX","url":"https://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e"},{"type":"REPORT","url":"https://bugs.debian.org/803097"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}