Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "busybox", "binary_version": "1:1.21.0-1ubuntu1.4" }, { "binary_name": "busybox-initramfs", "binary_version": "1:1.21.0-1ubuntu1.4" }, { "binary_name": "busybox-static", "binary_version": "1:1.21.0-1ubuntu1.4" }, { "binary_name": "busybox-syslogd", "binary_version": "1:1.21.0-1ubuntu1.4" }, { "binary_name": "udhcpc", "binary_version": "1:1.21.0-1ubuntu1.4" }, { "binary_name": "udhcpd", "binary_version": "1:1.21.0-1ubuntu1.4" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "busybox", "binary_version": "1:1.22.0-15ubuntu1.4" }, { "binary_name": "busybox-initramfs", "binary_version": "1:1.22.0-15ubuntu1.4" }, { "binary_name": "busybox-static", "binary_version": "1:1.22.0-15ubuntu1.4" }, { "binary_name": "busybox-syslogd", "binary_version": "1:1.22.0-15ubuntu1.4" }, { "binary_name": "udhcpc", "binary_version": "1:1.22.0-15ubuntu1.4" }, { "binary_name": "udhcpd", "binary_version": "1:1.22.0-15ubuntu1.4" } ] }