ID CVE-2018-20679
Summary An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.
References
Vulnerable Configurations
  • cpe:2.3:a:busybox:busybox:-:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:-:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.38:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.39:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.39:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.40:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.41:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.42:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.43:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.43:-:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.43:-:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.43:pre:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.43:pre:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.45:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.46:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.46:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.47:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.47:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.48:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.49:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.49:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.50:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.51:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.52:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.60.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.60.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.60.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.60.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.60.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.60.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.60.3:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.60.3:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.60.4:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.60.4:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:0.60.5:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:0.60.5:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.00:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.00:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.0.0:pre1:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.0.0:pre1:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.0.0:pre10:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.0.0:pre10:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.0.0:pre2:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.0.0:pre2:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.0.0:pre3:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.0.0:pre3:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.0.0:pre4:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.0.0:pre4:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.0.0:pre5:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.0.0:pre5:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.0.0:pre6:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.0.0:pre6:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.0.0:pre7:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.0.0:pre7:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.0.0:pre8:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.0.0:pre8:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.0.0:pre9:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.0.0:pre9:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.0.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.0.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.01:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.01:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.1.0:-:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.1.0:pre1:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.1.0:pre1:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.11.3:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.12.3:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.12.4:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.13.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.13.3:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.13.4:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.14.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.14.3:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.14.4:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.14.4:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.15.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.15.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.15.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.15.3:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.15.3:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.16.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.17.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.17.3:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.17.3:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.17.4:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.17.4:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.18.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.18.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.18.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.18.3:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.18.4:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.18.4:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.18.5:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.18.5:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.19.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.19.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.19.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.19.3:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.19.3:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.19.4:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.19.4:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.20.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.20.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.20.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.20.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.21.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.21.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.21.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.21.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.22.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.22.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.22.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.23.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.23.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.23.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.23.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.23.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.24.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.24.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.24.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.24.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.25.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.25.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.26.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.26.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.26.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.26.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.26.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.26.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.27.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.27.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.27.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.27.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.27.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.27.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.28.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.28.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.28.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.28.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.28.3:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.28.3:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.28.4:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.28.4:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.29.0:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.29.0:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.29.1:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.29.1:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.29.2:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.29.2:*:*:*:*:*:*:*
  • cpe:2.3:a:busybox:busybox:1.29.3:*:*:*:*:*:*:*
    cpe:2.3:a:busybox:busybox:1.29.3:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 04-09-2019 - 23:15)
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Infiltration of Hardware Development Environment
    An attacker, leveraging the ability to manipulate components of primary support systems and tools within the development and production environments, inserts malicious software within the hardware and/or firmware development environment. The infiltration purpose is to alter developed hardware components in a system destined for deployment at the victim's organization, for the purpose of disruption or further compromise.
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bugtraq 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
fulldisc 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
misc
ubuntu USN-3935-1
Last major update 04-09-2019 - 23:15
Published 09-01-2019 - 16:29
Last modified 04-09-2019 - 23:15
Back to Top