Skip to main content

Busybox CVE-2016-2148

CRITICAL
Buffer Overflow (CWE-119)
2017-02-09 secalert@redhat.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 09, 2017 - 15:59 cve.org
CRITICAL 9.8

DescriptionCVE.org

Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.

AnalysisAI

Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 15.8%.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing. Affected products include: Busybox, Debian Debian Linux, Canonical Ubuntu Linux. Version information: before 1.25.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2017-16544 HIGH POC
8.8 Nov 20

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used

CVE-2016-2147 HIGH POC
7.5 Feb 09

Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of servi

CVE-2022-28391 HIGH POC
8.8 Apr 03

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's

CVE-2022-30065 HIGH POC
7.8 May 18

A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a

CVE-2019-5747 HIGH POC
7.5 Jan 09

An issue was discovered in BusyBox through 1.30.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploi

CVE-2013-1813 HIGH POC
7.2 Nov 23

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories

CVE-2021-42377 CRITICAL
9.8 Nov 15

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when

CVE-2018-1000517 CRITICAL
9.8 Jun 26

BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow

CVE-2017-15873 MEDIUM POC
5.5 Oct 24

The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that m

CVE-2023-42366 MEDIUM POC
5.5 Nov 27

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. Rated medium severit

CVE-2023-42365 MEDIUM POC
5.5 Nov 27

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar functio

CVE-2023-42364 MEDIUM POC
5.5 Nov 27

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk patte

Share

CVE-2016-2148 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy