Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 02:47
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html - Exploit, Third Party Advisory, VDB Entry | |
References | () http://seclists.org/fulldisclosure/2019/Jun/18 - Exploit, Mailing List, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2019/Sep/7 - Exploit, Mailing List, Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2020/Aug/20 - Exploit, Mailing List, Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2016/03/11/16 - Mailing List, Patch, Third Party Advisory | |
References | () https://busybox.net/news.html - Vendor Advisory | |
References | () https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87 - Patch, Vendor Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html - Mailing List, Third Party Advisory | |
References | () https://seclists.org/bugtraq/2019/Jun/14 - Exploit, Mailing List, Third Party Advisory | |
References | () https://seclists.org/bugtraq/2019/Sep/7 - Exploit, Mailing List, Third Party Advisory | |
References | () https://security.gentoo.org/glsa/201612-04 - Third Party Advisory | |
References | () https://usn.ubuntu.com/3935-1/ - Third Party Advisory |
Information
Published : 2017-02-09 15:59
Updated : 2024-11-21 02:47
NVD link : CVE-2016-2147
Mitre link : CVE-2016-2147
CVE.ORG link : CVE-2016-2147
JSON object : View
Products Affected
busybox
- busybox
debian
- debian_linux
canonical
- ubuntu_linux
CWE
CWE-190
Integer Overflow or Wraparound