IM
IronMonkey Threat Research

CVE-2016-2147 HIGH

Published: 2017-02-09 | Last Modified: 2026-06-17 | Status: Modified

Description

Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.

Additional Descriptions (1)

Desbordamiento de entero en el cliente DHCP (udhcpc) en BusyBox en versiones anteriores a 1.25.0 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un nombre de dominio codificado RFC1035 mal formado, lo que desencadena una escritura de memoria dinámica fuera de límites.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactPARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source Type Description
[email protected] Primary
en CWE-190

Affected Products

Vendor Product Version Update Type
busybox busybox * <built-in method update of dict object at 0x72a9ccf85400> Application
debian debian_linux 8.0 <built-in method update of dict object at 0x72a9ccf86180> Operating System
debian debian_linux 9.0 <built-in method update of dict object at 0x72a9b0d58d40> Operating System
canonical ubuntu_linux 14.04 <built-in method update of dict object at 0x72a9b0debcc0> Operating System
canonical ubuntu_linux 16.04 <built-in method update of dict object at 0x72a9ccf85040> Operating System
canonical ubuntu_linux 18.04 <built-in method update of dict object at 0x72a9cc41ce00> Operating System
canonical ubuntu_linux 18.10 <built-in method update of dict object at 0x72a9b0e0ee80> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Yes cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Yes cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Yes cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

References

Notification
Message here