Launchpad CVE tracker

CVE 2016-2147

Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.

See the

CVE page on Mitre.org for more details.

References

MISC: http://packetstormsecu...
MISC: http://packetstormsecu...
MISC: http://seclists.org/fu...
MISC: https://seclists.org/b...
MISC: http://seclists.org/fu...
MISC: https://seclists.org/b...
MISC: http://seclists.org/fu...
MISC: https://security.gento...
MISC: https://usn.ubuntu.com...
MISC: https://lists.debian.o...
MISC: https://lists.debian.o...
MISC: http://www.openwall.co...
MISC: https://busybox.net/ne...
MISC: https://git.busybox.ne...

Launchpad.net

CVE 2016-2147

Related bugs

References