Skip to main content

Busybox CVE-2018-1000517

CRITICAL
Classic Buffer Overflow (CWE-120)
2018-06-26 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 26, 2018 - 16:29 nvd
CRITICAL 9.8

DescriptionNVD

BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e.

AnalysisAI

BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in after commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e. Affected products include: Busybox, Debian Debian Linux, Canonical Ubuntu Linux.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

CVE-2016-2148 CRITICAL POC
9.8 Feb 09

Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecif

CVE-2017-16544 HIGH POC
8.8 Nov 20

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used

CVE-2016-2147 HIGH POC
7.5 Feb 09

Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of servi

CVE-2022-28391 HIGH POC
8.8 Apr 03

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's

CVE-2022-30065 HIGH POC
7.8 May 18

A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a

CVE-2019-5747 HIGH POC
7.5 Jan 09

An issue was discovered in BusyBox through 1.30.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploi

CVE-2013-1813 HIGH POC
7.2 Nov 23

util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories

CVE-2021-42377 CRITICAL
9.8 Nov 15

An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when

CVE-2017-15873 MEDIUM POC
5.5 Oct 24

The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that m

CVE-2023-42366 MEDIUM POC
5.5 Nov 27

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. Rated medium severit

CVE-2023-42365 MEDIUM POC
5.5 Nov 27

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar functio

CVE-2023-42364 MEDIUM POC
5.5 Nov 27

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk patte

Share

CVE-2018-1000517 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy