oss-sec mailing list archives

two udhcpc (busybox) issues


From: Nico Golde <oss-security+ml () ngolde de>
Date: Fri, 11 Mar 2016 21:16:24 +0100

This is probably only relevant for the embedded space. Sharing two issues I 
found in busybox' dhcp client implementation:

CVE-2016-2147 / OOB heap write due to integer underflow
https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87

CVE-2016-2148 / heap overflow in OPTION_6RD parsing
https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2

Cheers,
Nico
