Description
BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6_OPT_DNS_SERVERS option. Attackers can exploit incorrect heap buffer allocation calculations in the option_to_env() function to cause denial of service or achieve arbitrary code execution on embedded systems without heap hardening.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
| debian 11 | | =1:1.30.1-6 || =1:1.30.1-6+deb11u1 || =1:1.30.1-7 || =1:1.35.0-1 || =1:1.35.0-2 || =1:1.35.0-2+hurd.1 || =1:1.35.0-2+hurd.2 || =1:1.35.0-3 || =1:1.35.0-4 || =1:1.36.0-1~exp1 || =1:1.36.1-1 || =1:1.36.1-2 || =1:1.36.1-3 || =1:1.36.1-3.1 || =1:1.36.1-4 || =1:1.36.1-5 || =1:1.36.1-6 || =1:1.36.1-6~exp.1 || =1:1.36.1-7 || =1:1.36.1-8 || =1:1.36.1-9 || =1:1.37.0-1 || =1:1.37.0-10 || =1:1.37.0-10.1 || =1:1.37.0-2 || =1:1.37.0-3 || =1:1.37.0-4 || =1:1.37.0-5 || =1:1.37.0-6 || =1:1.37.0-7 || =1:1.37.0-8 || =1:1.37.0-9 |
| debian 12 | | =1:1.35.0-4 || =1:1.35.0-4+deb12u1 || =1:1.36.0-1~exp1 || =1:1.36.1-1 || =1:1.36.1-2 || =1:1.36.1-3 || =1:1.36.1-3.1 || =1:1.36.1-4 || =1:1.36.1-5 || =1:1.36.1-6 || =1:1.36.1-6~exp.1 || =1:1.36.1-7 || =1:1.36.1-8 || =1:1.36.1-9 || =1:1.37.0-1 || =1:1.37.0-10 || =1:1.37.0-10.1 || =1:1.37.0-2 || =1:1.37.0-3 || =1:1.37.0-4 || =1:1.37.0-5 || =1:1.37.0-6 || =1:1.37.0-7 || =1:1.37.0-8 || =1:1.37.0-9 |
| debian 13 | | =1:1.37.0-10 || =1:1.37.0-10.1 || =1:1.37.0-6 || =1:1.37.0-7 || =1:1.37.0-8 || =1:1.37.0-9 |
| debian 14 | | =1:1.37.0-10 || =1:1.37.0-10.1 || =1:1.37.0-6 || =1:1.37.0-7 || =1:1.37.0-8 || =1:1.37.0-9 |