A heap-based buffer overflow was discovered in udhcpc when parsing the IPv6 Rapid Deployment DHCP option. An attacker could send a maliciously crafted packet in answer to a DHCP request to overwrite the heap, resulting in a crash or remote code execution.

Upstream patch: https://git.busybox.net/busybox/commit/?id=352f79
Acknowledgments: Name: Nico Golde (Qualcomm Product Security Initiative)
Created busybox tracking bugs for this issue: Affects: fedora-all [bug 1316558]
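As an added illustration of the defensive pattern for this class of bug (not BusyBox's code and not the upstream patch), the sketch below formats an IPv6 Rapid Deployment option payload into a caller-supplied buffer, validating the option length and tracking the remaining output space on every write. The function names and the output format are assumptions; the option layout follows RFC 5969.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIXRD_FIXED (1 + 1 + 16)  /* IPv4MaskLen + 6rdPrefixLen + 6rdPrefix */

/* Append s (space-separated) to out; -1 if it would not fit in outsz. */
static int append(char *out, size_t outsz, size_t *used, const char *s)
{
    int n = snprintf(out + *used, outsz - *used, "%s%s", *used ? " " : "", s);
    if (n < 0 || (size_t)n >= outsz - *used)
        return -1;
    *used += (size_t)n;
    return 0;
}

/* Returns bytes written (excluding NUL), or -1 if malformed or out too small. */
int format_6rd(const uint8_t *opt, size_t len, char *out, size_t outsz)
{
    char tmp[INET6_ADDRSTRLEN];
    size_t used = 0, off;

    if (!opt || !out || outsz == 0)
        return -1;
    out[0] = '\0';
    /* Fixed part plus a whole number (at least one) of 4-byte BR addresses. */
    if (len < SIXRD_FIXED + 4 || (len - SIXRD_FIXED) % 4 != 0)
        return -1;
    /* RFC 5969 range checks on the two length fields. */
    if (opt[0] > 32 || opt[1] + (32 - opt[0]) > 128)
        return -1;
    snprintf(tmp, sizeof(tmp), "%u %u", (unsigned)opt[0], (unsigned)opt[1]);
    if (append(out, outsz, &used, tmp) < 0)
        return -1;
    if (!inet_ntop(AF_INET6, opt + 2, tmp, sizeof(tmp)) ||
        append(out, outsz, &used, tmp) < 0)
        return -1;
    for (off = SIXRD_FIXED; off < len; off += 4) {
        if (!inet_ntop(AF_INET, opt + off, tmp, sizeof(tmp)) ||
            append(out, outsz, &used, tmp) < 0)
            return -1;
    }
    return (int)used;
}

int main(void)
{
    /* Constructed sample: mask 0, prefix 2001:db8::/32, one BR 192.0.2.1 */
    uint8_t opt[22] = {0, 32, 0x20, 0x01, 0x0d, 0xb8, [18] = 192, 0, 2, 1};
    char out[64];
    return format_6rd(opt, sizeof(opt), out, sizeof(out)) > 0 ? (puts(out), 0) : 1;
}
```

The output size is bounded by the caller's buffer, never derived from the attacker-controlled option length, so a long or malformed option yields an error instead of a write past the allocation.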