Executive Summary

Informations
NameCVE-2018-20679First vendor Publication2019-01-09
VendorCveLast vendor Modification2019-01-16

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20679

CWE : Common Weakness Enumeration

%idName
100 %CWE-125Out-of-bounds Read

CPE : Common Platform Enumeration

TypeDescriptionCount
Application139

Sources (Detail)

SourceUrl
MISC https://bugs.busybox.net/show_bug.cgi?id=11506
https://busybox.net/news.html
https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382...

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2019-01-16 17:19:02
  • Multiple Updates
2019-01-09 21:19:16
  • First insertion