An out of bound write was discovered in udhcpc when parsing the Domain Search option. An attacker could send a maliciously crafted packet answering a DHCP request triggering a denial of service on the client.
Acknowledgments: Name: Nico Golde (Qualcomm Product Security Initiative)
Created busybox tracking bugs for this issue: Affects: fedora-all [bug 1316558]
Upstream fix : - udhcp: fix a SEGV on malformed RFC1035-encoded domain name https://git.busybox.net/busybox/commit/?id=d474ffc and a minor regression : - udhcpc: fix a warning in debug code https://git.busybox.net/busybox/commit/?id=1b7c17