An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679.
{ "binaries": [ { "binary_name": "busybox", "binary_version": "1:1.21.0-1ubuntu1.4" }, { "binary_name": "busybox-dbgsym", "binary_version": "1:1.21.0-1ubuntu1.4" }, { "binary_name": "busybox-initramfs", "binary_version": "1:1.21.0-1ubuntu1.4" }, { "binary_name": "busybox-initramfs-dbgsym", "binary_version": "1:1.21.0-1ubuntu1.4" }, { "binary_name": "busybox-static", "binary_version": "1:1.21.0-1ubuntu1.4" }, { "binary_name": "busybox-static-dbgsym", "binary_version": "1:1.21.0-1ubuntu1.4" }, { "binary_name": "busybox-syslogd", "binary_version": "1:1.21.0-1ubuntu1.4" }, { "binary_name": "busybox-udeb", "binary_version": "1:1.21.0-1ubuntu1.4" }, { "binary_name": "busybox-udeb-dbgsym", "binary_version": "1:1.21.0-1ubuntu1.4" }, { "binary_name": "udhcpc", "binary_version": "1:1.21.0-1ubuntu1.4" }, { "binary_name": "udhcpd", "binary_version": "1:1.21.0-1ubuntu1.4" } ], "ubuntu_priority": "medium", "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "busybox", "binary_version": "1:1.22.0-15ubuntu1.4" }, { "binary_name": "busybox-dbgsym", "binary_version": "1:1.22.0-15ubuntu1.4" }, { "binary_name": "busybox-initramfs", "binary_version": "1:1.22.0-15ubuntu1.4" }, { "binary_name": "busybox-initramfs-dbgsym", "binary_version": "1:1.22.0-15ubuntu1.4" }, { "binary_name": "busybox-static", "binary_version": "1:1.22.0-15ubuntu1.4" }, { "binary_name": "busybox-static-dbgsym", "binary_version": "1:1.22.0-15ubuntu1.4" }, { "binary_name": "busybox-syslogd", "binary_version": "1:1.22.0-15ubuntu1.4" }, { "binary_name": "busybox-udeb", "binary_version": "1:1.22.0-15ubuntu1.4" }, { "binary_name": "busybox-udeb-dbgsym", "binary_version": "1:1.22.0-15ubuntu1.4" }, { "binary_name": "udhcpc", "binary_version": "1:1.22.0-15ubuntu1.4" }, { "binary_name": "udhcpd", "binary_version": "1:1.22.0-15ubuntu1.4" } ], "ubuntu_priority": "medium", "availability": "No subscription required" }
{ "binaries": [ { "binary_name": "busybox", "binary_version": "1:1.27.2-2ubuntu3.2" }, { "binary_name": "busybox-dbgsym", "binary_version": "1:1.27.2-2ubuntu3.2" }, { "binary_name": "busybox-initramfs", "binary_version": "1:1.27.2-2ubuntu3.2" }, { "binary_name": "busybox-initramfs-dbgsym", "binary_version": "1:1.27.2-2ubuntu3.2" }, { "binary_name": "busybox-static", "binary_version": "1:1.27.2-2ubuntu3.2" }, { "binary_name": "busybox-static-dbgsym", "binary_version": "1:1.27.2-2ubuntu3.2" }, { "binary_name": "busybox-syslogd", "binary_version": "1:1.27.2-2ubuntu3.2" }, { "binary_name": "busybox-udeb", "binary_version": "1:1.27.2-2ubuntu3.2" }, { "binary_name": "udhcpc", "binary_version": "1:1.27.2-2ubuntu3.2" }, { "binary_name": "udhcpd", "binary_version": "1:1.27.2-2ubuntu3.2" } ], "ubuntu_priority": "medium", "availability": "No subscription required" }