CVE-2018-20679

high-risk
Published 2019-01-09

An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to verification in udhcp_get_option() in networking/udhcp/common.c that 4-byte options are indeed 4 bytes.

Do I need to act?

!
12.0% chance of exploitation in next 30 days
EPSS score — higher than 88% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (5)

Affected Vendors

Canonical Busybox

References (14)

http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-G...
http://seclists.org/fulldisclosure/2019/Sep/7
Exploit https://bugs.busybox.net/show_bug.cgi?id=11506
Release Notes https://busybox.net/news.html
Patch https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff5...
https://seclists.org/bugtraq/2019/Sep/7
Third Party Advisory https://usn.ubuntu.com/3935-1/
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-G...
http://seclists.org/fulldisclosure/2019/Sep/7
Exploit https://bugs.busybox.net/show_bug.cgi?id=11506
Release Notes https://busybox.net/news.html
Patch https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff5...
https://seclists.org/bugtraq/2019/Sep/7
Third Party Advisory https://usn.ubuntu.com/3935-1/
50
/ 100
high-risk
Severity 26/34 · High
Exploitability 12/34 · Low
Exposure 12/34 · Low