Fluid Attacks Database

Description

Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	busybox	>=0 <1:1.27.2-1	1:1.27.2-1
alpine v3.4	busybox	=1.12.1-r1 \|\| =1.12.1-r5 \|\| =1.12.1-r6 \|\| =1.13.0-r0 \|\| =1.13.0-r1 \|\| =1.13.0-r2 \|\| =1.13.1-r0 \|\| =1.13.2-r0 \|\| =1.13.2-r1 \|\| =1.13.2-r2 \|\| =1.13.2-r3 \|\| =1.13.2-r4 \|\| =1.13.2-r5 \|\| =1.13.3-r1 \|\| =1.13.3-r2 \|\| =1.13.3-r3 \|\| =1.13.3-r4 \|\| =1.13.3-r5 \|\| =1.13.4-r0 \|\| =1.13.4-r1 \|\| =1.13.4-r2 \|\| =1.14.1-r0 \|\| =1.14.1-r1 \|\| =1.14.1-r2 \|\| =1.14.2-r0 \|\| =1.14.2-r1 \|\| =1.14.2-r2 \|\| =1.14.3-r0 \|\| =1.14.3-r1 \|\| =1.14.3-r2 \|\| =1.14.3-r3 \|\| =1.14.3-r4 \|\| =1.14.3-r5 \|\| =1.14.3-r6 \|\| =1.14.3-r7 \|\| =1.14.4-r0 \|\| =1.15.2-r0 \|\| =1.15.2-r1 \|\| =1.15.3-r0 \|\| =1.15.3-r1 \|\| =1.16.0-r0 \|\| =1.16.0-r1 \|\| =1.16.0-r2 \|\| =1.16.0-r3 \|\| =1.16.0-r4 \|\| =1.16.0-r5 \|\| =1.16.0-r6 \|\| =1.16.0-r7 \|\| =1.16.1-r0 \|\| =1.16.1-r1 \|\| =1.16.1-r2 \|\| =1.16.1-r3 \|\| =1.16.1-r4 \|\| =1.16.2-r0 \|\| =1.16.2-r1 \|\| =1.16.2-r2 \|\| =1.17.0-r0 \|\| =1.17.0-r1 \|\| =1.17.0-r2 \|\| =1.17.0-r3 \|\| =1.17.0-r4 \|\| =1.17.1-r0 \|\| =1.17.1-r1 \|\| =1.17.1-r2 \|\| =1.17.1-r3 \|\| =1.17.1-r4 \|\| =1.17.2-r0 \|\| =1.17.3-r0 \|\| =1.17.3-r1 \|\| =1.17.3-r2 \|\| =1.17.3-r3 \|\| =1.17.4-r0 \|\| =1.17.4-r1 \|\| =1.17.4-r2 \|\| =1.18.2-r0 \|\| =1.18.2-r1 \|\| =1.18.2-r2 \|\| =1.18.3-r0 \|\| =1.18.3-r1 \|\| =1.18.3-r2 \|\| =1.18.3-r3 \|\| =1.18.3-r4 \|\| =1.18.4-r0 \|\| =1.18.4-r1 \|\| =1.18.4-r2 \|\| =1.18.4-r3 \|\| =1.18.4-r4 \|\| =1.18.5-r0 \|\| =1.18.5-r1 \|\| =1.19.0-r0 \|\| =1.19.2-r0 \|\| =1.19.2-r1 \|\| =1.19.2-r2 \|\| =1.19.2-r3 \|\| =1.19.3-r0 \|\| =1.19.3-r1 \|\| =1.19.3-r2 \|\| =1.19.3-r3 \|\| =1.19.3-r4 \|\| =1.19.3-r5 \|\| =1.19.3-r6 \|\| =1.19.3-r7 \|\| =1.19.3-r8 \|\| =1.19.4-r0 \|\| =1.19.4-r1 \|\| =1.19.4-r2 \|\| =1.19.4-r3 \|\| =1.19.4-r4 \|\| =1.20.0-r4 \|\| =1.20.0-r5 \|\| =1.20.0-r6 \|\| =1.20.1-r0 \|\| =1.20.1-r1 \|\| =1.20.2-r0 \|\| =1.20.2-r1 \|\| =1.20.2-r2 \|\| =1.20.2-r3 \|\| =1.20.2-r4 \|\| =1.20.2-r5 \|\| =1.21.0-r0 \|\| =1.21.1-r0 \|\| =1.21.1-r1 \|\| =1.21.1-r2 \|\| =1.21.1-r3 \|\| =1.22.0-r3 \|\| =1.22.1-r0 \|\| =1.22.1-r1 \|\| =1.22.1-r10 \|\| =1.22.1-r11 \|\| =1.22.1-r12 \|\| =1.22.1-r13 \|\| =1.22.1-r14 \|\| =1.22.1-r2 \|\| =1.22.1-r3 \|\| =1.22.1-r4 \|\| =1.22.1-r5 \|\| =1.22.1-r6 \|\| =1.22.1-r7 \|\| =1.22.1-r8 \|\| =1.22.1-r9 \|\| =1.23.0-r0 \|\| =1.23.0-r1 \|\| =1.23.0-r2 \|\| =1.23.0-r3 \|\| =1.23.0-r4 \|\| =1.23.1-r0 \|\| =1.23.2-r0 \|\| =1.23.2-r1 \|\| =1.23.2-r10 \|\| =1.23.2-r2 \|\| =1.23.2-r3 \|\| =1.23.2-r4 \|\| =1.23.2-r5 \|\| =1.23.2-r6 \|\| =1.23.2-r7 \|\| =1.23.2-r8 \|\| =1.23.2-r9 \|\| =1.24.1-r0 \|\| =1.24.1-r1 \|\| =1.24.1-r2 \|\| =1.24.1-r3 \|\| =1.24.1-r4 \|\| =1.24.1-r5 \|\| =1.24.1-r6 \|\| =1.24.1-r7 \|\| =1.24.1-r8 \|\| =1.24.1-r9 \|\| >=0 <1.24.2-r0	1.24.2-r0
debian 11	busybox	>=0 <1:1.27.2-1	1:1.27.2-1
debian 14	busybox	>=0 <1:1.27.2-1	1:1.27.2-1
debian 12	busybox	>=0 <1:1.27.2-1	1:1.27.2-1
rpm rhel6	busybox	-	-
rpm rhel5	busybox	-	-

Aliases

1. CVE-2016-21482. NVD-2016-21483. OSV-DEBIAN-2016-21484. OSV-2016-21485. OSV-ALPINE-2016-21486. SECURITY-TRACKER-CVE-2016-21487. SECURITY-CVE-2016-2148

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.