CVE-2015-9261

🗓️ 26 Jul 2018 00:00:00Reported by ubuntu.comType

ubuntucve

ubuntucve🔗 ubuntu.com👁 37 Views

huft_build in decompress_gunzip.c misuses pointer causing segfaults and app crash unzip operation on ZIP fil

Reporter	Title	Published	Views	Family All 74
0day.today	Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor Vulnerability	21 Jun 202200:00	–	zdt
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows	25 Feb 201920:40	–	ibm
BDU FSTEC	The vulnerability of the `huft_build` function in the `archival/libarchive/decompress_gunzip.c` component of the BusyBox command-line utility suite, related to the manipulation of the null pointer, allows a malicious actor to trigger a denial-of-service attack.	2 Jul 202100:00	–	bdu_fstec
Cloud Foundry	USN-3935-1: BusyBox vulnerabilities \| Cloud Foundry	12 Apr 201900:00	–	cloudfoundry
CVE	CVE-2015-9261	26 Jul 201819:00	–	cve
Cvelist	CVE-2015-9261	26 Jul 201819:00	–	cvelist
Debian	[SECURITY] [DLA 1445-1] busybox security update	27 Jul 201804:39	–	debian
Debian	[SECURITY] [DLA 1445-2] busybox regression update	2 Aug 201801:18	–	debian
Debian	[SECURITY] [DLA 2559-1] busybox security update	15 Feb 202111:56	–	debian
Debian CVE	CVE-2015-9261	26 Jul 201819:00	–	debiancve

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	14.04	any	busybox	1:1.21.0-1ubuntu1.4	busybox_1:1.21.0-1ubuntu1.4_any.deb
Ubuntu	16.04	any	busybox	1:1.22.0-15ubuntu1.4	busybox_1:1.22.0-15ubuntu1.4_any.deb

Source	Link
openwall	www.openwall.com/lists/oss-security/2015/10/25/3
ubuntu	www.ubuntu.com/security/notices/USN-3935-1
cve	www.cve.org/CVERecord

25 Aug 2025 21:50Current

6.8Medium risk

Vulners AI Score6.8

CVSS 24.3

CVSS 3.15.5

EPSS0.00811

huft_build decompress_gunzip.c segfaults app crash unzip operation zip file