2466526 – (CVE-2026-29004) CVE-2026-29004 BusyBox: BusyBox: Arbitrary Code Execution via DHCPv6 Client Heap Buffer Overflow

Bug 2466526 (CVE-2026-29004) - CVE-2026-29004 BusyBox: BusyBox: Arbitrary Code Execution via DHCPv6 Client Heap Buffer Overflow

Summary: CVE-2026-29004 BusyBox: BusyBox: Arbitrary Code Execution via DHCPv6 Client H...

Keywords:
Status:	NEW
Alias:	CVE-2026-29004
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2482653 2482663
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-04 19:03 UTC by OSIDB Bzimport
Modified:	2026-06-02 08:28 UTC (History)
CC List:	14 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-04 19:03:47 UTC

BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6_OPT_DNS_SERVERS option. Attackers can exploit incorrect heap buffer allocation calculations in the option_to_env() function to cause denial of service or achieve arbitrary code execution on embedded systems without heap hardening.

Note You need to log in before you can comment on or make changes to this bug.