The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of BusyBox

vulnerability note CVE-2019-5747

BusyBox: out-of-bounds memory reading via DHCP_SUBNET

Synthesis of the vulnerability

An attacker can force a read at an invalid address via DHCP_SUBNET of BusyBox, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: BusyBox.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 10/01/2019.
Identifiers: CVE-2019-5747, VIGILANCE-VUL-28234.

vulnerability bulletin CVE-2018-20679

BusyBox: out-of-bounds memory reading via udhcp_get_option

Synthesis of the vulnerability

An attacker can force a read at an invalid address via udhcp_get_option() of BusyBox, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: BusyBox.
Severity: 2/4.
Consequences: data reading, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/01/2019.
Identifiers: CVE-2018-20679, VIGILANCE-VUL-28233.

computer vulnerability bulletin CVE-2016-2148

BusyBox: buffer overflow via DHCP Client OPTION_6RD

Synthesis of the vulnerability

An attacker can generate a buffer overflow via DHCP Client OPTION_6RD of BusyBox, in order to trigger a denial of service, and possibly to run code.
Impacted products: BusyBox, Debian.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: intranet server.
Creation date: 27/07/2018.
Identifiers: CVE-2016-2148, DLA-1445-1, DLA-1445-2, DLA-1445-3, VIGILANCE-VUL-26858.

computer vulnerability announcement CVE-2016-2147

BusyBox: integer overflow via DHCP Client

Synthesis of the vulnerability

An attacker can generate an integer overflow via DHCP Client of BusyBox, in order to trigger a denial of service, and possibly to run code.
Impacted products: BusyBox, Debian.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: LAN.
Creation date: 27/07/2018.
Identifiers: CVE-2016-2147, DLA-1445-1, DLA-1445-2, DLA-1445-3, VIGILANCE-VUL-26857.

computer vulnerability alert CVE-2015-9261

BusyBox: denial of service via huft_build

Synthesis of the vulnerability

An attacker can generate a fatal error via huft_build() of BusyBox, in order to trigger a denial of service.
Impacted products: BusyBox, Debian.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 27/07/2018.
Identifiers: CVE-2015-9261, DLA-1445-1, DLA-1445-2, DLA-1445-3, VIGILANCE-VUL-26856.

vulnerability announcement CVE-2018-1000500

BusyBox: Man-in-the-Middle via wget

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle via wget on BusyBox, in order to read or write data in the session.
Impacted products: BusyBox, WindRiver Linux.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 27/06/2018.
Identifiers: CVE-2018-1000500, VIGILANCE-VUL-26552.

vulnerability alert CVE-2018-1000517

BusyBox: buffer overflow via wget

Synthesis of the vulnerability

An attacker can generate a buffer overflow via wget of BusyBox, in order to trigger a denial of service, and possibly to run code.
Impacted products: BusyBox, Debian, WindRiver Linux.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 27/06/2018.
Identifiers: CVE-2018-1000517, DLA-1445-1, DLA-1445-2, DLA-1445-3, VIGILANCE-VUL-26551.

vulnerability note CVE-2017-16544

BusyBox: code execution via AutoComplete

Synthesis of the vulnerability

An attacker can use a vulnerability via AutoComplete of BusyBox, in order to run code.
Impacted products: BusyBox, Debian.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 21/11/2017.
Identifiers: CVE-2017-16544, DLA-1445-1, DLA-1445-2, DLA-1445-3, VIGILANCE-VUL-24504.

vulnerability CVE-2017-15874

BusyBox: integer overflow via decompress_unlzma.c

Synthesis of the vulnerability

An attacker can generate an integer overflow via decompress_unlzma.c of BusyBox, in order to trigger a denial of service, and possibly to run code.
Impacted products: BusyBox.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 25/10/2017.
Identifiers: 10436, CVE-2017-15874, VIGILANCE-VUL-24230.

computer vulnerability note CVE-2017-15873

BusyBox: integer overflow via get_next_block

Synthesis of the vulnerability

An attacker can generate an integer overflow via get_next_block() of BusyBox, in order to trigger a denial of service, and possibly to run code.
Impacted products: BusyBox, Debian.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 25/10/2017.
Identifiers: 10431, CVE-2017-15873, DLA-1445-1, DLA-1445-2, DLA-1445-3, VIGILANCE-VUL-24229.
