Threat Encyclopedia

BusyBox.Project.BusyBox.udhcp.Option.Out.of.Bounds.Read

description-logoDescription

This indicates an attack attempt to exploit an Out Of Bounds Read vulnerability in BusyBox udhcp.
A remote unauthenticated user can exploit this vulnerability by sending a crafted DHCP message to the vulnerable system. Successful exploitation could lead to disclosure of sensitive information.

affected-products-logoAffected Products

BusyBox Project BusyBox prior to 1.30.0

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor:
https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c

CVE References

CVE-2018-20679

Telemetry logoTelemetry