Fluid Attacks Database

Description

Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.4	busybox	=1.12.1-r1 \|\| =1.12.1-r5 \|\| =1.12.1-r6 \|\| =1.13.0-r0 \|\| =1.13.0-r1 \|\| =1.13.0-r2 \|\| =1.13.1-r0 \|\| =1.13.2-r0 \|\| =1.13.2-r1 \|\| =1.13.2-r2 \|\| =1.13.2-r3 \|\| =1.13.2-r4 \|\| =1.13.2-r5 \|\| =1.13.3-r1 \|\| =1.13.3-r2 \|\| =1.13.3-r3 \|\| =1.13.3-r4 \|\| =1.13.3-r5 \|\| =1.13.4-r0 \|\| =1.13.4-r1 \|\| =1.13.4-r2 \|\| =1.14.1-r0 \|\| =1.14.1-r1 \|\| =1.14.1-r2 \|\| =1.14.2-r0 \|\| =1.14.2-r1 \|\| =1.14.2-r2 \|\| =1.14.3-r0 \|\| =1.14.3-r1 \|\| =1.14.3-r2 \|\| =1.14.3-r3 \|\| =1.14.3-r4 \|\| =1.14.3-r5 \|\| =1.14.3-r6 \|\| =1.14.3-r7 \|\| =1.14.4-r0 \|\| =1.15.2-r0 \|\| =1.15.2-r1 \|\| =1.15.3-r0 \|\| =1.15.3-r1 \|\| =1.16.0-r0 \|\| =1.16.0-r1 \|\| =1.16.0-r2 \|\| =1.16.0-r3 \|\| =1.16.0-r4 \|\| =1.16.0-r5 \|\| =1.16.0-r6 \|\| =1.16.0-r7 \|\| =1.16.1-r0 \|\| =1.16.1-r1 \|\| =1.16.1-r2 \|\| =1.16.1-r3 \|\| =1.16.1-r4 \|\| =1.16.2-r0 \|\| =1.16.2-r1 \|\| =1.16.2-r2 \|\| =1.17.0-r0 \|\| =1.17.0-r1 \|\| =1.17.0-r2 \|\| =1.17.0-r3 \|\| =1.17.0-r4 \|\| =1.17.1-r0 \|\| =1.17.1-r1 \|\| =1.17.1-r2 \|\| =1.17.1-r3 \|\| =1.17.1-r4 \|\| =1.17.2-r0 \|\| =1.17.3-r0 \|\| =1.17.3-r1 \|\| =1.17.3-r2 \|\| =1.17.3-r3 \|\| =1.17.4-r0 \|\| =1.17.4-r1 \|\| =1.17.4-r2 \|\| =1.18.2-r0 \|\| =1.18.2-r1 \|\| =1.18.2-r2 \|\| =1.18.3-r0 \|\| =1.18.3-r1 \|\| =1.18.3-r2 \|\| =1.18.3-r3 \|\| =1.18.3-r4 \|\| =1.18.4-r0 \|\| =1.18.4-r1 \|\| =1.18.4-r2 \|\| =1.18.4-r3 \|\| =1.18.4-r4 \|\| =1.18.5-r0 \|\| =1.18.5-r1 \|\| =1.19.0-r0 \|\| =1.19.2-r0 \|\| =1.19.2-r1 \|\| =1.19.2-r2 \|\| =1.19.2-r3 \|\| =1.19.3-r0 \|\| =1.19.3-r1 \|\| =1.19.3-r2 \|\| =1.19.3-r3 \|\| =1.19.3-r4 \|\| =1.19.3-r5 \|\| =1.19.3-r6 \|\| =1.19.3-r7 \|\| =1.19.3-r8 \|\| =1.19.4-r0 \|\| =1.19.4-r1 \|\| =1.19.4-r2 \|\| =1.19.4-r3 \|\| =1.19.4-r4 \|\| =1.20.0-r4 \|\| =1.20.0-r5 \|\| =1.20.0-r6 \|\| =1.20.1-r0 \|\| =1.20.1-r1 \|\| =1.20.2-r0 \|\| =1.20.2-r1 \|\| =1.20.2-r2 \|\| =1.20.2-r3 \|\| =1.20.2-r4 \|\| =1.20.2-r5 \|\| =1.21.0-r0 \|\| =1.21.1-r0 \|\| =1.21.1-r1 \|\| =1.21.1-r2 \|\| =1.21.1-r3 \|\| =1.22.0-r3 \|\| =1.22.1-r0 \|\| =1.22.1-r1 \|\| =1.22.1-r10 \|\| =1.22.1-r11 \|\| =1.22.1-r12 \|\| =1.22.1-r13 \|\| =1.22.1-r14 \|\| =1.22.1-r2 \|\| =1.22.1-r3 \|\| =1.22.1-r4 \|\| =1.22.1-r5 \|\| =1.22.1-r6 \|\| =1.22.1-r7 \|\| =1.22.1-r8 \|\| =1.22.1-r9 \|\| =1.23.0-r0 \|\| =1.23.0-r1 \|\| =1.23.0-r2 \|\| =1.23.0-r3 \|\| =1.23.0-r4 \|\| =1.23.1-r0 \|\| =1.23.2-r0 \|\| =1.23.2-r1 \|\| =1.23.2-r10 \|\| =1.23.2-r2 \|\| =1.23.2-r3 \|\| =1.23.2-r4 \|\| =1.23.2-r5 \|\| =1.23.2-r6 \|\| =1.23.2-r7 \|\| =1.23.2-r8 \|\| =1.23.2-r9 \|\| =1.24.1-r0 \|\| =1.24.1-r1 \|\| =1.24.1-r2 \|\| =1.24.1-r3 \|\| =1.24.1-r4 \|\| =1.24.1-r5 \|\| =1.24.1-r6 \|\| =1.24.1-r7 \|\| =1.24.1-r8 \|\| =1.24.1-r9 \|\| >=0 <1.24.2-r0	1.24.2-r0
debian 14	busybox	>=0 <1:1.27.2-1	1:1.27.2-1
debian 11	busybox	>=0 <1:1.27.2-1	1:1.27.2-1
debian 12	busybox	>=0 <1:1.27.2-1	1:1.27.2-1
debian 13	busybox	>=0 <1:1.27.2-1	1:1.27.2-1
rpm rhel5	busybox	-	-
rpm rhel6	busybox	-	-

Aliases

1. CVE-2016-21472. NVD-2016-21473. OSV-ALPINE-2016-21474. OSV-2016-21475. OSV-DEBIAN-2016-21476. SECURITY-CVE-2016-21477. SECURITY-TRACKER-CVE-2016-2147

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.