Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-20679

Опубликовано: 09 янв. 2019
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.

РелизСтатусПримечание
bionic

released

1:1.27.2-2ubuntu3.2
cosmic

released

1:1.27.2-2ubuntu4.1
devel

released

1:1.27.2-2ubuntu5
disco

released

1:1.27.2-2ubuntu5
eoan

released

1:1.27.2-2ubuntu5
esm-infra-legacy/trusty

released

1:1.21.0-1ubuntu1.4
esm-infra/bionic

released

1:1.27.2-2ubuntu3.2
esm-infra/focal

released

1:1.27.2-2ubuntu5
esm-infra/xenial

released

1:1.22.0-15ubuntu1.4
focal

released

1:1.27.2-2ubuntu5

Показывать по

Ссылки на источники

EPSS

Процентиль: 93%
0.09589
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-20679

CVSS3: 4.3
redhat
около 7 лет назад

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.

nvd логотип

CVE-2018-20679

CVSS3: 7.5
nvd
около 7 лет назад

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.

debian логотип

CVE-2018-20679

CVSS3: 7.5
debian
около 7 лет назад

An issue was discovered in BusyBox before 1.30.0. An out of bounds rea ...

github логотип

GHSA-73q8-6p6h-wvfh

CVSS3: 7.5
github
больше 3 лет назад

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.

suse-cvrf логотип

openSUSE-SU-2021:3531-1

suse-cvrf
больше 4 лет назад

Security update for busybox

EPSS

Процентиль: 93%
0.09589
Низкий

5 Medium

CVSS2

7.5 High

CVSS3