Bug 13761

Summary: Critical CVE linked to busybox component - CVE-2015-4042 (/busybox/arch)
Product: Busybox Reporter: Rahul <iamrahul345>
Component: OtherAssignee: unassigned
Status: NEW ---    
Severity: critical CC: busybox-cvs
Priority: P5    
Version: 1.32.x   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Host: Target:
Build:

Description Rahul 2021-04-20 09:03:09 UTC 
{
  "name": "CVE-2015-4042",
  "description": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.",
  "nvd_score": 7.5,
  "nvd_score_version": "CVSS v2",
  "nvd_vectors": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "nvd_severity": "high",
  "nvd_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4042",
  "publish_date": "2020-01-24",
  "modification_date": "2020-02-01",
  "nvd_score_v3": 9.8,
  "nvd_vectors_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "nvd_severity_v3": "critical",
  "aqua_score": 9.8,
  "aqua_severity": "critical",
  "aqua_vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "aqua_scoring_system": "CVSS V3",
  "aqua_severity_classification": "NVD CVSS V3 Score: 9.8",
  "aqua_score_classification": "NVD CVSS V3 Score: 9.8"
}


This CVE seems to be critical. as per
https://nvd.nist.gov/vuln/detail/CVE-2015-4042
Comment 1 Denys Vlasenko 2021-04-20 14:56:23 UTC 
Does this bug exist in busybox?