oss-sec mailing list archives
two udhcpc (busybox) issues
From: Nico Golde <oss-security+ml () ngolde de>
Date: Fri, 11 Mar 2016 21:16:24 +0100
This is probably only relevant for the embedded space. Sharing two issues I found in busybox' dhcp client implementation: CVE-2016-2147 / OOB heap write due to integer underflow https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87 CVE-2016-2148 / heap overflow in OPTION_6RD parsing https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2 Cheers, Nico
Attachment:
_bin
Description:
Current thread:
- two udhcpc (busybox) issues Nico Golde (Mar 11)