Bug 1316554 (CVE-2016-2147) - CVE-2016-2147 busybox: out of bounds write (heap) due to integer underflow in udhcpc
Summary: CVE-2016-2147 busybox: out of bounds write (heap) due to integer underflow in...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2016-2147
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1316558
Blocks: 1316559
TreeView+ depends on / blocked
 
Reported: 2016-03-10 13:17 UTC by Martin Prpič
Modified: 2021-02-17 04:11 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-03-11 09:25:16 UTC


Attachments (Terms of Use)

Description Martin Prpič 2016-03-10 13:17:20 UTC
An out of bound write was discovered in udhcpc when parsing the Domain Search option. An attacker could send a maliciously crafted packet answering a DHCP request triggering a denial of service on the client.

Comment 1 Martin Prpič 2016-03-10 13:17:29 UTC
Acknowledgments:

Name: Nico Golde (Qualcomm Product Security Initiative)

Comment 2 Martin Prpič 2016-03-10 13:21:08 UTC
Created busybox tracking bugs for this issue:

Affects: fedora-all [bug 1316558]

Comment 3 Cedric Buissart 2016-03-11 09:04:13 UTC
Upstream fix :
 - udhcp: fix a SEGV on malformed RFC1035-encoded domain name
https://git.busybox.net/busybox/commit/?id=d474ffc

and a minor regression :
 - udhcpc: fix a warning in debug code
https://git.busybox.net/busybox/commit/?id=1b7c17


Note You need to log in before you can comment on or make changes to this bug.