Back to search
CVE-2016-2147
Published: Feb 9, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20160311 two udhcpc (busybox) issues
mailing-list
x_refsource_MLIST
GLSA-201612-04
vendor-advisory
x_refsource_GENTOO
[debian-lts-announce] 20180727 [SECURITY] [DLA 1445-1] busybox security update
mailing-list
x_refsource_MLIST
https://busybox.net/news.html
x_refsource_CONFIRM
USN-3935-1
vendor-advisory
x_refsource_UBUNTU
20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
mailing-list
x_refsource_FULLDISC
20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
mailing-list
x_refsource_BUGTRAQ
20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
mailing-list
x_refsource_FULLDISC
20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
mailing-list
x_refsource_BUGTRAQ
20200827 SEC Consult SA-20200827-0 :: Multiple Vulnerabilities in ZTE mobile Hotspot MS910S
mailing-list
x_refsource_FULLDISC
[debian-lts-announce] 20210215 [SECURITY] [DLA 2559-1] busybox security update
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now