Bug 13761 - Critical CVE linked to busybox component - CVE-2015-4042 (/busybox/arch)
Summary: Critical CVE linked to busybox component - CVE-2015-4042 (/busybox/arch)
Status: NEW
Alias: None
Product: Busybox
Classification: Unclassified
Component: Other (show other bugs)
Version: 1.32.x
Hardware: All Linux
: P5 critical
Target Milestone: ---
Assignee: unassigned
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-04-20 09:03 UTC by Rahul
Modified: 2021-04-20 14:56 UTC (History)
1 user (show)

See Also:
Host:
Target:
Build:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Rahul 2021-04-20 09:03:09 UTC 
{
  "name": "CVE-2015-4042",
  "description": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.",
  "nvd_score": 7.5,
  "nvd_score_version": "CVSS v2",
  "nvd_vectors": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "nvd_severity": "high",
  "nvd_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4042",
  "publish_date": "2020-01-24",
  "modification_date": "2020-02-01",
  "nvd_score_v3": 9.8,
  "nvd_vectors_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "nvd_severity_v3": "critical",
  "aqua_score": 9.8,
  "aqua_severity": "critical",
  "aqua_vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "aqua_scoring_system": "CVSS V3",
  "aqua_severity_classification": "NVD CVSS V3 Score: 9.8",
  "aqua_score_classification": "NVD CVSS V3 Score: 9.8"
}


This CVE seems to be critical. as per
https://nvd.nist.gov/vuln/detail/CVE-2015-4042
Comment 1 Denys Vlasenko 2021-04-20 14:56:23 UTC 
Does this bug exist in busybox?