Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
18 Feb 2021, 14:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
|
References | (FULLDISC) http://seclists.org/fulldisclosure/2020/Aug/20 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201612-04 - Third Party Advisory | |
References | (BUGTRAQ) https://seclists.org/bugtraq/2019/Jun/14 - Exploit, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3935-1/ - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html - Exploit, Third Party Advisory, VDB Entry | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2019/Jun/18 - Exploit, Mailing List, Third Party Advisory | |
References | (BUGTRAQ) https://seclists.org/bugtraq/2019/Sep/7 - Exploit, Mailing List, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2019/Sep/7 - Exploit, Mailing List, Third Party Advisory |
15 Feb 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2017-02-09 15:59
Updated : 2023-12-10 12:01
NVD link : CVE-2016-2147
Mitre link : CVE-2016-2147
CVE.ORG link : CVE-2016-2147
JSON object : View
Products Affected
busybox
- busybox
canonical
- ubuntu_linux
debian
- debian_linux
CWE
CWE-190
Integer Overflow or Wraparound