DEBIAN-CVE-2011-2716

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2011-2716

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2011-2716.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2011-2716

Upstream

CVE-2011-2716

Published

2012-07-03T16:40:30Z

Modified

2025-09-19T06:27:49Z

Summary

[none]

Details

The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOSTNAME, (2) DOMAINNAME, (3) NISDOMAIN, and (4) TFTPSERVER_NAME host name options.

References

https://security-tracker.debian.org/tracker/CVE-2011-2716

Affected packages

Debian:11 / busybox

Package

Name: busybox
Purl: pkg:deb/debian/busybox?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.20.0-3

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / busybox

Package

Name: busybox
Purl: pkg:deb/debian/busybox?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.20.0-3

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / busybox

Package

Name: busybox
Purl: pkg:deb/debian/busybox?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.20.0-3

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / busybox

Package

Name: busybox
Purl: pkg:deb/debian/busybox?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.20.0-3

Ecosystem specific

{
    "urgency": "unimportant"
}